diff --git a/apps/cde/base/backend-service.yaml b/apps/cde/base/backend-service.yaml
new file mode 100644
index 0000000..6a3f366
--- /dev/null
+++ b/apps/cde/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cde-svc
+ namespace: faas
+spec:
+ type: ClusterIP
+ selector:
+ app: cde
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/cde/base/cde-flowscallback.yaml b/apps/cde/base/cde-flowscallback.yaml
new file mode 100644
index 0000000..b9faab5
--- /dev/null
+++ b/apps/cde/base/cde-flowscallback.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-flowscallback
+ namespace: cde
+ labels:
+ app: cde-flowscallback
+ service: cde-flowscallback
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-flowscallback
+ template:
+ metadata:
+ labels:
+ app: cde-flowscallback
+ service: cde-flowscallback
+ spec:
+ containers:
+ - name: cde-flowscallback
+ image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_3.1.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde-splitpdf.yaml b/apps/cde/base/cde-splitpdf.yaml
new file mode 100644
index 0000000..09bcce6
--- /dev/null
+++ b/apps/cde/base/cde-splitpdf.yaml
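Review bot: `metadata.namespace: faas` on the `cde-svc` Service does not match the `cde` namespace used by the Deployments in `apps/cde/base` and by that directory's `kustomization.yaml`. The kustomize `namespace: cde` setting should overwrite it when the base is built, but applied on its own the Service lands in `faas`, where its `app: cde` selector would match whatever pods carry that label there. Set it to `namespace: cde` so the manifest is correct without relying on the transformer.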
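Review bot: The `cde-flowscallback` container has no `securityContext`, so it runs with whatever user and capabilities the image defaults to while holding every key of `cde-secret`. Add a container-level block such as `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, plus `readOnlyRootFilesystem: true` if the worker does not write to its root filesystem. The same gap is present in every other Deployment added by this commit: the remaining `cde` workloads, both `frontend` Deployments, `documentations-api`, `documentations-filestream` and `pdm-api`.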
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-splitpdf
+ namespace: cde
+ labels:
+ app: cde-splitpdf
+ service: cde-splitpdf
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-splitpdf
+ template:
+ metadata:
+ labels:
+ app: cde-splitpdf
+ service: cde-splitpdf
+ spec:
+ containers:
+ - name: cde-splitpdf
+ image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_3.1.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde-worker-copy.yaml b/apps/cde/base/cde-worker-copy.yaml
new file mode 100644
index 0000000..caaf637
--- /dev/null
+++ b/apps/cde/base/cde-worker-copy.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-worker-copy
+ namespace: cde
+ labels:
+ app: cde-worker-copy
+ service: cde-worker-copy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-worker-copy
+ template:
+ metadata:
+ labels:
+ app: cde-worker-copy
+ service: cde-worker-copy
+ spec:
+ containers:
+ - name: cde-worker-copy
+ image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:preprod_fd483601
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde-worker-create-versions.yaml b/apps/cde/base/cde-worker-create-versions.yaml
new file mode 100644
index 0000000..62deccd
--- /dev/null
+++ b/apps/cde/base/cde-worker-create-versions.yaml
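Review bot: `envFrom` with `secretRef: cde-secret` exports every key of that Secret into the `cde-splitpdf` environment, and the same Secret is attached this way to all eight Deployments in `apps/cde/base`. The Secret's contents are not visible here, but a PDF-splitting worker likely needs only a subset of what the API needs. Prefer per-key `env[].valueFrom.secretKeyRef` entries, as the `documentations` manifests in this commit do, or one Secret per workload, so that compromise of one worker does not expose credentials used only by the others.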
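Review bot: The image is referenced by a mutable tag, `copy-worker:preprod_fd483601`, together with `imagePullPolicy: IfNotPresent`, so nodes that cached the tag keep the old content while a re-pushed tag changes what fresh nodes run. Pin the reviewed build by digest, e.g. `image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker@sha256:<digest-of-reviewed-build>`. This base also mixes `preprod_*` builds (this file, `createversions-worker`, `markings-worker`, `sign-worker`, `cde`) with `prod_3.1.2` ones; confirm that combination is intended rather than left over from testing.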
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-worker-create-versions
+ namespace: cde
+ labels:
+ app: cde-worker-create-versions
+ service: cde-worker-create-versions
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-worker-create-versions
+ template:
+ metadata:
+ labels:
+ app: cde-worker-create-versions
+ service: cde-worker-create-versions
+ spec:
+ containers:
+ - name: cde-worker-create-versions
+ image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:preprod_ec474ae7
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde-worker-markings.yaml b/apps/cde/base/cde-worker-markings.yaml
new file mode 100644
index 0000000..5d2a206
--- /dev/null
+++ b/apps/cde/base/cde-worker-markings.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-worker-markings
+ namespace: cde
+ labels:
+ app: cde-worker-markings
+ service: cde-worker-markings
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-worker-markings
+ template:
+ metadata:
+ labels:
+ app: cde-worker-markings
+ service: cde-worker-markings
+ spec:
+ containers:
+ - name: cde-worker-markings
+ image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:preprod_eb50f30e
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde-worker-sign.yaml b/apps/cde/base/cde-worker-sign.yaml
new file mode 100644
index 0000000..2e08972
--- /dev/null
+++ b/apps/cde/base/cde-worker-sign.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-worker-sign
+ namespace: cde
+ labels:
+ app: cde-worker-sign
+ service: cde-worker-sign
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-worker-sign
+ template:
+ metadata:
+ labels:
+ app: cde-worker-sign
+ service: cde-worker-sign
+ spec:
+ containers:
+ - name: cde-worker-sign
+ image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:preprod_fd483601
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde-worker-update-bundles.yaml b/apps/cde/base/cde-worker-update-bundles.yaml
new file mode 100644
index 0000000..4421daa
--- /dev/null
+++ b/apps/cde/base/cde-worker-update-bundles.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde-worker-update-bundles
+ namespace: cde
+ labels:
+ app: cde-worker-update-bundles
+ service: cde-worker-update-bundles
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde-worker-update-bundles
+ template:
+ metadata:
+ labels:
+ app: cde-worker-update-bundles
+ service: cde-worker-update-bundles
+ spec:
+ containers:
+ - name: cde-worker-update-bundles
+ image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_3.1.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/cde.yaml b/apps/cde/base/cde.yaml
new file mode 100644
index 0000000..776f550
--- /dev/null
+++ b/apps/cde/base/cde.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cde
+ namespace: cde
+ labels:
+ app: cde
+ service: cde
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cde
+ template:
+ metadata:
+ labels:
+ app: cde
+ service: cde
+ spec:
+ containers:
+ - name: api
+ image: cr.yandex/crp3ccidau046kdj8g9q/cde:preprod_ec474ae7
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: S3_IS_CONTOUR
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: cde-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/cde/base/kustomization.yaml b/apps/cde/base/kustomization.yaml
new file mode 100644
index 0000000..18d33e8
--- /dev/null
+++ b/apps/cde/base/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cde
+resources:
+ - namespace.yaml
+ - cde.yaml
+ - cde-splitpdf.yaml
+ - backend-service.yaml
+ - cde-flowscallback.yaml
+ - cde-worker-copy.yaml
+ - cde-worker-create-versions.yaml
+ - cde-worker-markings.yaml
+ - cde-worker-sign.yaml
+ - cde-worker-update-bundles.yaml
\ No newline at end of file
diff --git a/apps/cde/base/namespace.yaml b/apps/cde/base/namespace.yaml
new file mode 100644
index 0000000..f080923
--- /dev/null
+++ b/apps/cde/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cde
+ labels:
+ istio-injection: enabled
diff --git a/apps/cde/yc-k8s-test/kustomization.yaml b/apps/cde/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..85195ca
--- /dev/null
+++ b/apps/cde/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: frontend
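Review bot: The `api` container declares no `readinessProbe` or `livenessProbe`, and its `resources` block sets `requests` only. Because `cde-svc` selects `app: cde`, the pod is sent traffic as soon as the container starts, and without `limits` a leak or an expensive request pattern can starve other pods on the node. Add an HTTP readiness probe on the `http` port against whatever health endpoint the API exposes, and at least a memory limit, e.g. `limits: {memory: 1Gi}`. The worker Deployments in this directory have the same shape.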
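Review bot: The `cde` Namespace carries only `istio-injection: enabled` and sets no Pod Security Admission level, so unless the cluster configures a default elsewhere, nothing in the namespace rejects privileged or host-namespace pods. Start with `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` next to the Istio label, then move to `pod-security.kubernetes.io/enforce` once the workloads set a securityContext. With sidecar injection the init container may need capabilities that `baseline` forbids unless the Istio CNI plugin is used, so check that before enforcing. The `document-link` and `documentations` namespace manifests in this commit have the same gap.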
diff --git a/apps/cde/yc-k8s-test/replicas.yaml b/apps/cde/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..6982932
--- /dev/null
+++ b/apps/cde/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: cde
+spec:
+ replicas: 1
diff --git a/apps/document-link/base/deployment.yaml b/apps/document-link/base/deployment.yaml
new file mode 100644
index 0000000..9768188
--- /dev/null
+++ b/apps/document-link/base/deployment.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: document-link
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ version: stable
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:wb_cb2027ce
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/document-link/base/kustomization.yaml b/apps/document-link/base/kustomization.yaml
new file mode 100644
index 0000000..649812b
--- /dev/null
+++ b/apps/document-link/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: document-link
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - service.yaml
diff --git a/apps/document-link/base/namespace.yaml b/apps/document-link/base/namespace.yaml
new file mode 100644
index 0000000..b63e16c
--- /dev/null
+++ b/apps/document-link/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: document-link
+ labels:
+ istio-injection: enabled
\ No newline at end of file
diff --git a/apps/document-link/base/service.yaml b/apps/document-link/base/service.yaml
new file mode 100644
index 0000000..8fca3f7
--- /dev/null
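Review bot: This patch names a Deployment `backend`, but `apps/cde/base` defines only `cde` and the `cde-*` workers, so it cannot match anything. It is inert today because the overlay sets `patches: []`, and the commented-out entry there targets `name: frontend`, which does not exist in this app either; both look copied from another overlay. Point the patch and the commented target at a real name (for example `name: cde`) or drop the file, so that enabling it later does not fail the kustomize build.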
+++ b/apps/document-link/base/service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: document-link
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/document-link/yc-k8s-test/kustomization.yaml b/apps/document-link/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..85195ca
--- /dev/null
+++ b/apps/document-link/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: frontend
diff --git a/apps/document-link/yc-k8s-test/replicas.yaml b/apps/document-link/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..dc08800
--- /dev/null
+++ b/apps/document-link/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: document-link
+spec:
+ replicas: 1
diff --git a/apps/documentations/base/api-deployment.yaml b/apps/documentations/base/api-deployment.yaml
new file mode 100644
index 0000000..7aa3014
--- /dev/null
+++ b/apps/documentations/base/api-deployment.yaml
@@ -0,0 +1,188 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: documentations-api
+ namespace: documentations
+ labels:
+ app: documentations-api
+ service: documentations-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: documentations-api
+ template:
+ metadata:
+ labels:
+ app: documentations-api
+ service: documentations-api
+ spec:
+ volumes:
+ - name: documentations-yc-s3-secret
+ secret:
+ defaultMode: 420
+ secretName: documentations-yc-s3
+ - name: zitadel-account
+ secret:
+ defaultMode: 420
+ secretName: zitadel-account
+ containers:
+ - name: documentations-api
+ image: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_a9990430
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ZITADEL_ACCOUNT
+ value: /etc/sarex/zitadel/zitadel-account.json
+ - name: ZITADEL_DOMAIN
+ value: zitadel-srx.wb.ru
+ - name: USE_ZITADEL
+ value: "1"
+ - name: FLOWS_URL
+ value: http://backend-service.flows.svc.cluster.local:8000
+ - name: LAST_MASTER_BIM
+ value: "36311"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8080
+ - name: API_ADDRESS_FILE
+ value: 0.0.0.0:8080
+ - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: secret
+ name: yc-jwt-secret
+ - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
+ value: "5"
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: WORKSPACE_V2_EXTERNAL_URL
+ value: https://srx.wb.ru/workspaces-v2/
+ - name: ENABLE_S3
+ value: "1"
+ - name: CONTAINER_REGISTRY
+ value: cr.yandex/crp3ccidau046kdj8g9q
+ - name: ENVIRONMENT
+ value: production
+ - name: LAST_SLAVE_1_BIM
+ value: "1000000"
+ - name: HOST
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: FILE_STREAM_HOST
+ value: srx.wb.ru
+ - name: DOCUMENTATION_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080/
+ - name: WORKFLOW_URL
+ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+ - name: WORKSPACE_URL
+ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+ - name: BIM_API_URL
+ value: http://bim-api-service.bim.svc.cluster.local:8080/
+ - name: BIM_API_V2_URL
+ value: http://backend-service.bim.svc.cluster.local:8000/
+ - name: WORKSPACE_BUNDLE_VERSION
+ value: v1
+ - name: SYSTEM_LOG_URL
+ value: http://api-service.system-log.svc.cluster.local:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: MARKS_PROCESSING_URL
+ value: http://marks-service:8000
+ - name: PUBLIC_LINK_HOST
+ value: https://document-link-srx.wb.ru
+ - name: NAMESPACE
+ value: documentations
+ - name: DJANGO_ORIGINATOR
+ value: docs_prod
+ - name: WORKFLOW_IMAGES_VERSION
+ value: master
+ - name: WORKFLOWS_IMAGES_VERSION
+ value: master
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+ - name: READ_WRITE_TIMEOUT_FILE_STREAM
+ value: 6h
+ - name: CACHE_DEFAULT_EXPIRATION
+ value: 60s
+ - name: ENABLE_SMTP
+ value: "True"
+ - name: ENABLE_MAILGUN
+ value: "False"
+ - name: CACHE_CLEANUP_INTERVAL
+ value: 60s
+ - name: ENABLE_AUTH_JWT_IN_URL
+ value: "false"
+ - name: ENABLE_SIGNATURE_IN_URL
+ value: "true"
+ - name: USE_CACHE_IN_FILE_STREAMER
+ value: "0"
+ - name: VALKEY_ADDR
+ value: redis:6379
+ - name: VALKEY_HOST
+ value: redis
+ - name: VALKEY_PORT
+ value: "6379"
+
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DJANGO_BASIC_AUTH
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+ - name: DJANGO_BASIC_AUTH_FOR_GET_USER
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ volumeMounts:
+ - mountPath: /etc/sarex/yc-s3-storage
+ name: documentations-yc-s3-secret
+ readOnly: true
+ - mountPath: /etc/sarex/zitadel
+ name: zitadel-account
+ readOnly: true
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/api-service.yaml b/apps/documentations/base/api-service.yaml
new file mode 100644
index 0000000..c7d1da1
--- /dev/null
+++ b/apps/documentations/base/api-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-api-svc
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: documentations-api
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/documentations/base/filestream-deployment.yaml b/apps/documentations/base/filestream-deployment.yaml
new file mode 100644
index 0000000..13c5b2d
--- /dev/null
+++ b/apps/documentations/base/filestream-deployment.yaml
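Review bot: Both secret volumes use `defaultMode: 420`, which is octal 0644, so the S3 service-account key under `/etc/sarex/yc-s3-storage` and the Zitadel account JSON under `/etc/sarex/zitadel` are readable by every user inside the container. Use `defaultMode: 256` (0400), or `defaultMode: 288` (0440) together with a pod-level `securityContext.fsGroup` if the process runs as a non-root user that does not own the files. The same two volumes with the same mode appear in `filestream-deployment.yaml` and `pdm-deployment.yaml`.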
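Review bot: `targetPort: 8000` matches the `containerPort` declared in `api-deployment.yaml`, but that Deployment sets `API_ADDRESS` to `0.0.0.0:8080` and advertises itself in `HOST` and `DOCUMENTATION_URL` as `documentations-api.documentations.svc.cluster.local:8080`. If the process binds the address from `API_ADDRESS`, this Service forwards to a port nothing listens on. No Service named `documentations-api` is created in this commit either (the ones added are `backend-api-svc`, `backend-filestream-svc`, `pdm-svc` and `frontend-service`), so those URLs resolve only if it exists elsewhere. Align the port, the Service name and the URLs; `filestream-service.yaml` has the same 8000 versus 8080 mismatch.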
@@ -0,0 +1,188 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: documentations-filestream
+ namespace: documentations
+ labels:
+ app: documentations-filestream
+ service: documentations-filestream
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: documentations-filestream
+ template:
+ metadata:
+ labels:
+ app: documentations-filestream
+ service: documentations-filestream
+ spec:
+ volumes:
+ - name: documentations-yc-s3-secret
+ secret:
+ defaultMode: 420
+ secretName: documentations-yc-s3
+ - name: zitadel-account
+ secret:
+ defaultMode: 420
+ secretName: zitadel-account
+ containers:
+ - name: documentations-filestream
+ image: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_a9990430
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ZITADEL_ACCOUNT
+ value: /etc/sarex/zitadel/zitadel-account.json
+ - name: ZITADEL_DOMAIN
+ value: zitadel-srx.wb.ru
+ - name: USE_ZITADEL
+ value: "1"
+ - name: FLOWS_URL
+ value: http://backend-service.flows.svc.cluster.local:8000
+ - name: LAST_MASTER_BIM
+ value: "36311"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8080
+ - name: API_ADDRESS_FILE
+ value: 0.0.0.0:8080
+ - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: secret
+ name: yc-jwt-secret
+ - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
+ value: "5"
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: WORKSPACE_V2_EXTERNAL_URL
+ value: https://srx.wb.ru/workspaces-v2/
+ - name: ENABLE_S3
+ value: "1"
+ - name: CONTAINER_REGISTRY
+ value: cr.yandex/crp3ccidau046kdj8g9q
+ - name: ENVIRONMENT
+ value: production
+ - name: LAST_SLAVE_1_BIM
+ value: "1000000"
+ - name: HOST
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: FILE_STREAM_HOST
+ value: srx.wb.ru
+ - name: DOCUMENTATION_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080/
+ - name: WORKFLOW_URL
+ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+ - name: WORKSPACE_URL
+ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+ - name: BIM_API_URL
+ value: http://bim-api-service.bim.svc.cluster.local:8080/
+ - name: BIM_API_V2_URL
+ value: http://backend-service.bim.svc.cluster.local:8000/
+ - name: WORKSPACE_BUNDLE_VERSION
+ value: v1
+ - name: SYSTEM_LOG_URL
+ value: http://api-service.system-log.svc.cluster.local:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: MARKS_PROCESSING_URL
+ value: http://marks-service:8000
+ - name: PUBLIC_LINK_HOST
+ value: https://document-link-srx.wb.ru
+ - name: NAMESPACE
+ value: documentations
+ - name: DJANGO_ORIGINATOR
+ value: docs_prod
+ - name: WORKFLOW_IMAGES_VERSION
+ value: master
+ - name: WORKFLOWS_IMAGES_VERSION
+ value: master
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+ - name: READ_WRITE_TIMEOUT_FILE_STREAM
+ value: 6h
+ - name: CACHE_DEFAULT_EXPIRATION
+ value: 60s
+ - name: ENABLE_SMTP
+ value: "True"
+ - name: ENABLE_MAILGUN
+ value: "False"
+ - name: CACHE_CLEANUP_INTERVAL
+ value: 60s
+ - name: ENABLE_AUTH_JWT_IN_URL
+ value: "false"
+ - name: ENABLE_SIGNATURE_IN_URL
+ value: "true"
+ - name: USE_CACHE_IN_FILE_STREAMER
+ value: "0"
+ - name: VALKEY_ADDR
+ value: redis:6379
+ - name: VALKEY_HOST
+ value: redis
+ - name: VALKEY_PORT
+ value: "6379"
+
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DJANGO_BASIC_AUTH
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+ - name: DJANGO_BASIC_AUTH_FOR_GET_USER
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ volumeMounts:
+ - mountPath: /etc/sarex/yc-s3-storage
+ name: documentations-yc-s3-secret
+ readOnly: true
+ - mountPath: /etc/sarex/zitadel
+ name: zitadel-account
+ readOnly: true
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/filestream-service.yaml b/apps/documentations/base/filestream-service.yaml
new file mode 100644
index 0000000..8ec4d34
--- /dev/null
+++ b/apps/documentations/base/filestream-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-filestream-svc
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: documentations-filestream
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/documentations/base/frontend-deployment.yaml b/apps/documentations/base/frontend-deployment.yaml
new file mode 100644
index 0000000..c190637
--- /dev/null
+++ b/apps/documentations/base/frontend-deployment.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: documentations
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/frontend-service.yaml b/apps/documentations/base/frontend-service.yaml
new file mode 100644
index 0000000..f4ad089
--- /dev/null
+++ b/apps/documentations/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/documentations/base/kustomization.yaml b/apps/documentations/base/kustomization.yaml
new file mode 100644
index 0000000..342acc4
--- /dev/null
+++ b/apps/documentations/base/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: documentations
+resources:
+ - namespace.yaml
+ - api-deployment.yaml
+ - pdm-deployment.yaml
+ - filestream-deployment.yaml
+ - frontend-deployment.yaml
+ - api-service.yaml
+ - pdm-service.yaml
+ - filestream-service.yaml
+ - frontend-service.yaml
diff --git a/apps/documentations/base/namespace.yaml b/apps/documentations/base/namespace.yaml
new file mode 100644
index 0000000..1f0a0fd
--- /dev/null
+++ b/apps/documentations/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: documentations
+ labels:
+ istio-injection: enabled
diff --git a/apps/documentations/base/pdm-deployment.yaml b/apps/documentations/base/pdm-deployment.yaml
new file mode 100644
index 0000000..368a298
--- /dev/null
+++ b/apps/documentations/base/pdm-deployment.yaml
@@ -0,0 +1,198 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pdm-api
+ namespace: documentations
+ labels:
+ app: pdm-api
+ service: pdm-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: pdm-api
+ template:
+ metadata:
+ labels:
+ app: pdm-api
+ service: pdm-api
+ spec:
+ volumes:
+ - name: documentations-yc-s3-secret
+ secret:
+ defaultMode: 420
+ secretName: documentations-yc-s3
+ - name: zitadel-account
+ secret:
+ defaultMode: 420
+ secretName: zitadel-account
+ containers:
+ - name: pdm-api
+ image: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_38958427
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ env:
+ - name: USE_EXPERIMENTAL
+ value: "true"
+ - name: RELEASES_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: releases-token
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: TRANSMITTALS_BASE_URL
+ value: mock
+ - name: DJANGO_BASIC_AUTH
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+ - name: API_ADDRESS
+ value: 0.0.0.0:8080
+ - name: API_ADDRESS_FILE
+ value: 0.0.0.0:8080
+ - name: BUCKET_NAME
+ value: attachments-storage
+ - name: API_HOST_PREFIX
+ value: /
+ - name: APP_NAME
+ value: pdm_v2
+ - name: APP_VERSION
+ value: 0.0.1
+ - name: ENABLE_PERMISSIONS_FILTER
+ value: "1"
+ - name: PERMISSIONS_FILTER_COMPANIES
+ value: '[1]'
+ - name: TRANSMITTALS_ENABLE
+ value: "false"
+ - name: DRAWINGS_INTERNAL_URL
+ value: http://drawings-api-service.drawings.svc.cluster.local:80
+ - name: ATTACHMENTS_URL
+ value: http://attachments-service.attachments.svc.cluster.local:8000
+ - name: BIM_API_V2_URL
+ value: http://backend-service.bim.svc.cluster.local:8000/
+ - name: BIM_V2_HOST
+ value: http://backend-service.bim.svc.cluster.local:8000/
+ - name: CACHE_CLEANUP_INTERVAL
+ value: 60s
+ - name: CACHE_DEFAULT_EXPIRATION
+ value: 60s
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: DJANGO_ORIGINATOR
+ value: docs_prod
+ - name: DOCUMENTATION_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080/
+ - name: EAV_URL
+ value: http://eav-service.eav.svc.cluster.local:8000
+ - name: ENABLE_OBSERVABILITY
+ value: "false"
+ - name: ENABLE_S3
+ value: "1"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: ENVIRONMENT
+ value: prod
+ - name: FLOWS_URL
+ value: http://backend-service.flows.svc.cluster.local:8000
+ - name: HEIGHT_THUMB_ATTACHMENTS
+ value: "300"
+ - name: HEIGHT_THUMB_STATES
+ value: "73"
+ - name: HTTP_PORT
+ value: "8080"
+ - name: INSPECTIONS_URL
+ value: http://inspections-service.inspections.svc.cluster.local:80
+ - name: LOG_LEVEL
+ value: INFO
+ - name: NOTES_URL
+ - name: OBSERVABILITY_COLLECTOR_ENDPOINT
+ value: temp
+ - name: READ_WRITE_TIMEOUT_FILE_STREAM
+ value: 6h
+ - name: RELEASES_URL
+ value: https://gitlab.com
+ - name: REMARKS_URL
+ value: http://remarks-static-service.remarks.svc.cluster.local:8080/remarks
+ - name: RESOURCES_URL
+ value: http://resources-service.resources.svc.cluster.local:8000
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+ - name: STATES_URL
+ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+ - name: SUBSCRIPTIONS_URL
+ value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80
+ - name: SYSTEM_LOG_URL
+ value: http://api-service.system-log.svc.cluster.local:8000
+ - name: TARGET_URL
+ value: http://backend.django.svc.cluster.local:8000
+ - name: USE_CACHE_IN_FILE_STREAMER
+ value: "1"
+ - name: USE_SUBSCRIPTIONS
+ value: "false"
+ - name: WIDTH_THUMB_ATTACHMENTS
+ value: "300"
+ - name: WIDTH_THUMB_STATES
+ value: "120"
+ - name: WORKFLOWS_IMAGES_VERSION
+ value: master
+ - name: WORKFLOW_IMAGES_VERSION
+ value: master
+ - name: WORKFLOW_URL
+ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+ - name: WORKSPACE_BUNDLE_VERSION
+ value: v1
+ - name: WORKSPACE_URL
+ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ volumeMounts:
+ - mountPath: /etc/sarex/yc-s3-storage
+ name: documentations-yc-s3-secret
+ readOnly: true
+ - mountPath: /etc/sarex/zitadel
+ name: zitadel-account
+ readOnly: true
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/pdm-service.yaml b/apps/documentations/base/pdm-service.yaml
new file mode 100644
index 0000000..b978673
--- /dev/null
+++ b/apps/documentations/base/pdm-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pdm-svc
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: pdm-api
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ protocol: TCP
diff --git a/apps/documentations/yc-k8s-test/kustomization.yaml b/apps/documentations/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/documentations/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/documentations/yc-k8s-test/postgresql.yaml b/apps/documentations/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..ec3b708
--- /dev/null
+++ b/apps/documentations/yc-k8s-test/postgresql.yaml
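Review bot: `pdm-api` mounts the `zitadel-account` Secret at `/etc/sarex/zitadel`, yet no variable in its `env` list points at that path, unlike `ZITADEL_ACCOUNT` in `api-deployment.yaml`. If the service does not read the file, drop the `zitadel-account` volume and its `volumeMounts` entry so the identity-provider credential is not exposed to a workload that has no use for it. Separately, `NOTES_URL` is declared with no `value`, and `TRANSMITTALS_BASE_URL: mock` and `OBSERVABILITY_COLLECTOR_ENDPOINT: temp` read like placeholders next to `ENVIRONMENT: prod`; confirm or remove them.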
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: documentations +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements,ltree,timescaledb,uuid-ossp" + 
databases: + - name: documentations_db + user: documentations + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/eav/base/backend-deployment.yaml b/apps/eav/base/backend-deployment.yaml new file mode 100644 index 0000000..d41653a --- /dev/null +++ b/apps/eav/base/backend-deployment.yaml 
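Review bot: `global.security.allowInsecureImages: true` and `primary.containerSecurityContext.readOnlyRootFilesystem: false` both appear to relax protections the chart would otherwise apply, and nothing in the values says why. If the custom `contour/postgresql` image needs them, I would record that beside each key, e.g. `# custom image from the private registry; chart image check disabled on purpose`. With the image check off, I would also pin the image by digest rather than `tag: 17.0.2` with `pullPolicy: Always`, provided the chart exposes a digest value, so a re-pushed tag cannot change what runs. The same values are repeated in `apps/eav/yc-k8s-test/postgresql.yaml` and `apps/flows/yc-k8s-test/postgresql.yaml`.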
@@ -0,0 +1,126 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: eav + labels: + app: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247 + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + + env: + - name: KAFKA_ENABLED + value: "False" + - name: ASSETS_TOPIC + value: sarex + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: DJANGO_POSTGRES_DATABASE + value: eav_db + - name: YC_S3_ENDPOINT_URL + value: http://minio-svc.minio.svc.cluster.local:9000 + - name: YC_S3_BUCKET_NAME + value: eav + + - name: DJANGO_POSTGRES_HOST + valueFrom: + secretKeyRef: + name: postgresql-secret + key: hostname + + - name: DJANGO_POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgresql-secret + key: username + + - name: DJANGO_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secret + key: password + + - name: DJANGO_POSTGRES_PORT + valueFrom: + secretKeyRef: + name: postgresql-secret + key: port + + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: backend-secret + key: ssh_private.key + + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + name: backend-secret + key: ssh_public.key + + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: s3-secret + key: username + + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: s3-secret + key: password + + resources: + requests: + cpu: 100m + memory: 100Mi + + volumeMounts: + - name: django-configmap + mountPath: /server/config/settings/production.py + subPath: production.py + + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + 
periodSeconds: 60 + failureThreshold: 10 + + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 20 + + imagePullSecrets: + - name: regcred \ No newline at end of file diff --git a/apps/eav/base/backend-service.yaml b/apps/eav/base/backend-service.yaml new file mode 100644 index 0000000..963c3f4 --- /dev/null +++ b/apps/eav/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: eav +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/eav/base/django-configmap.yaml b/apps/eav/base/django-configmap.yaml new file mode 100644 index 0000000..b610500 --- /dev/null +++ b/apps/eav/base/django-configmap.yaml 
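Review bot: The `backend` container in `apps/eav/base/backend-deployment.yaml` declares no `securityContext`, so it runs with whatever user, capabilities and privilege-escalation behaviour the image defaults to, while holding the JWT signing key, database and S3 credentials in its environment. I would add a restrictive container-level `securityContext` as sketched below, after confirming the image can start as a non-root user. The Deployments this commit adds for `export-reviews`, the flows `backend`, `celery` and `frontend`, and the issues `backend` and `celery` are written the same way.

```yaml
      containers:
        - name: backend
          # … unchanged: image, imagePullPolicy, ports, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: resources, volumeMounts, probes …
```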
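Review bot: The Service in `apps/eav/base/backend-service.yaml` is named `backend-service`, but the other manifests in this commit address EAV as `http://eav-service.eav.svc.cluster.local:8000` (`EAV_URL`, `EAV_HOST`), and the eav base kustomization lists no second Service. Unless an `eav-service` is defined outside this diff, those lookups will not resolve; either rename this one, `name: eav-service`, or change the callers. `apps/flows/base/backend-service.yaml` has the same mismatch: it defines `backend-svc` on port 80 while `FLOWS_URL` points at `backend-service.flows.svc.cluster.local:8000`.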
@@ -0,0 +1,171 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: eav +data: + production.py: | + # production.py + + + from .base import * + + from datetime import timedelta + + import os + + from django.core.exceptions import ImproperlyConfigured + + + INSTALLED_APPS.append("corsheaders") + + #MIDDLEWARE = ["corsheaders.middleware.CorsMiddleware"] + MIDDLEWARE + + + # DEBUG SETTINGS START + + DEBUG = True + + ALLOWED_HOSTS = ['*'] + + # DEBUG SETTINGS END + + + # DATABASE SETTINGS START + + DATABASES = { + "default": { + "ENGINE": "django.db.backends.postgresql", + "NAME": os.getenv("DJANGO_POSTGRES_DATABASE"), + "USER": os.getenv("DJANGO_POSTGRES_USER"), + "PASSWORD": os.getenv("DJANGO_POSTGRES_PASSWORD"), + "HOST": os.getenv("DJANGO_POSTGRES_HOST"), + "PORT": "5432", + } + } + + # DATABASE SETTINGS END + + + # RESPONSE HEADERS START + + + CORS_ORIGIN_ALLOW_ALL = True + + + CORS_ALLOWED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CORS_TRUSTED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CSRF_TRUSTED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CORS_ALLOW_METHODS = ( + 'DELETE', + 'GET', + 'OPTIONS', + 'PATCH', + 'POST', + 'PUT', + ) + + + CORS_ALLOW_HEADERS = ( + 'accept', + 'accept-encoding', + 'authorization', + 'content-type', + 'user-agent', + 'x-csrftoken', + 'x-requested-with', + 'x-token', + 'Bearer' + ) + + # RESPONSE HEADERS END + + + REST_FRAMEWORK = { + "DEFAULT_PAGINATION_CLASS": ( + "rest_framework.pagination.LimitOffsetPagination" + ), + "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema", + "PAGE_SIZE": 10000, + "DEFAULT_FILTER_BACKENDS": [ + "django_filters.rest_framework.DjangoFilterBackend" + ], + "DEFAULT_AUTHENTICATION_CLASSES": [ + "core.auth.ZitadelJWTAuthentication", + "rest_framework_simplejwt.authentication.JWTAuthentication", + "rest_framework.authentication.SessionAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + "DEFAULT_PERMISSION_CLASSES": [ + 
"rest_framework.permissions.AllowAny", + ] + } + + + # JWT SETTINGS START + + def get_env_variable(var_name, default=None): + try: + return os.getenv(var_name, default) + except KeyError: + error_msg = f"Set the {var_name} environment variable" + if default: + return default + raise ImproperlyConfigured(error_msg) + + SIMPLE_JWT_ISSUER = get_env_variable("SIMPLE_JWT_ISSUER", default="django") + + + SIMPLE_JWT = { + "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5), + "REFRESH_TOKEN_LIFETIME": timedelta(days=1), + "ROTATE_REFRESH_TOKENS": False, + "UPDATE_LAST_LOGIN": False, + + "ALGORITHM": "RS512", + "SIGNING_KEY": get_env_variable("JWT_PRIVATE_KEY").replace("\\\n", "\n"), + "VERIFYING_KEY": get_env_variable("JWT_PUBLIC_KEY").replace("\\\n", "\n"), + "AUDIENCE": None, + "ISSUER": SIMPLE_JWT_ISSUER, + + "AUTH_HEADER_TYPES": ("Bearer",), + "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION", + "USER_ID_FIELD": "id", + "USER_ID_CLAIM": "user_id", + + "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",), + "TOKEN_TYPE_CLAIM": "token_type", + + "JTI_CLAIM": "jti", + + "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp", + "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5), + "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1), + } + + + # JWT SETTINGS END + + + STATIC_ROOT = '/static/' + + STATIC_URL = '/static/' + + STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' + + + SESSION_COOKIE_NAME = 'eav-sessionid' + + CSRF_COOKIE_NAME = 'eav-csrftoken' diff --git a/apps/eav/base/kustomization.yaml b/apps/eav/base/kustomization.yaml new file mode 100644 index 0000000..f9a6541 --- /dev/null +++ b/apps/eav/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: eav +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - django-configmap.yaml diff --git a/apps/eav/base/namespace.yaml b/apps/eav/base/namespace.yaml new file mode 100644 index 0000000..0587374 
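Review bot: This ConfigMap is mounted as `production.py` yet sets `DEBUG = True` with `ALLOWED_HOSTS = ['*']`, so Django serves detailed error pages with stack traces to any client and Host-header validation is off. `CORS_ORIGIN_ALLOW_ALL = True` also makes the `CORS_ALLOWED_ORIGINS` list below it irrelevant, and the default of `rest_framework.permissions.AllowAny` leaves every view that does not set its own permission class open to unauthenticated callers. I would set `DEBUG = False`, `CORS_ORIGIN_ALLOW_ALL = False` and a default of `"rest_framework.permissions.IsAuthenticated"`, and list the real hostnames in `ALLOWED_HOSTS`. Separately, `get_env_variable` can never raise `ImproperlyConfigured`, because `os.getenv` returns `None` instead of raising `KeyError`, so a missing `JWT_PRIVATE_KEY` fails at `.replace` with an `AttributeError`.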
--- /dev/null
+++ b/apps/eav/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: eav
+ labels:
+ istio-injection: enabled
diff --git a/apps/eav/yc-k8s-test/kustomization.yaml b/apps/eav/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..79e4c45
--- /dev/null
+++ b/apps/eav/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches:
+ - path: replicas.yaml
+ target:
+ kind: Deployment
+ name: comparisons
diff --git a/apps/eav/yc-k8s-test/postgresql.yaml b/apps/eav/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..8ed8238
--- /dev/null
+++ b/apps/eav/yc-k8s-test/postgresql.yaml
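Review bot: The patch target in `apps/eav/yc-k8s-test/kustomization.yaml` is `name: comparisons`, but the only Deployment in `apps/eav/base` is `backend`, and `replicas.yaml` in this overlay also names `backend`. As written the target selector matches nothing, so the replica patch is probably never applied; the block looks copied from another app. I would change the target to `name: backend`.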
@@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: eav +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + requests: + memory: 512Mi + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: 
"pg_stat_statements,uuid-ossp,ltree,postgis" + databases: + - name: eav_db + user: eav + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file diff --git a/apps/eav/yc-k8s-test/replicas.yaml b/apps/eav/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..bc22003 --- /dev/null +++ b/apps/eav/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: eav +spec: + replicas: 1 diff --git a/apps/faas/base/backend-service.yaml b/apps/faas/base/backend-service.yaml new file mode 100644 index 0000000..946f3b9 --- /dev/null +++ b/apps/faas/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: export-reviews-svc + namespace: faas +spec: + type: ClusterIP + selector: + app: export-reviews + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/faas/base/export-reviews.yaml b/apps/faas/base/export-reviews.yaml new file mode 100644 index 0000000..53a1500 --- /dev/null +++ b/apps/faas/base/export-reviews.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: export-reviews + namespace: faas + labels: + app: export-reviews + service: export-reviews +spec: + replicas: 1 + selector: + matchLabels: + app: export-reviews + template: + metadata: + labels: + app: export-reviews + service: export-reviews + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/export-reviews:prod_c4cae4ee + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: BASE_HOST + value: https://sarex.contour.infra.sarex.tech + - name: DJANGO_HOST + value: https://sarex.contour.infra.sarex.tech + - name: REVIEWS_HOST + value: https://sarex.contour.infra.sarex.tech/flows + - name: GATEWAY_HOST + value: https://sarex.contour.infra.sarex.tech/gateway + - name: DOCUMENTATIONS_HOST + value: https://sarex.contour.infra.sarex.tech/documentations + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: TRANSMITTALS_INTERNAL_HOST + value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1 + - name: DJANGO_TIMEOUT + value: "180" + - name: REVIEWS_TIMEOUT + value: "180" + - name: GATEWAY_TIMEOUT + value: "60" + - name: DOCUMENTATIONS_TIMEOUT + value: "60" + - name: EAV_TIMEOUT + value: "30" + - name: TRANSMITTALS_TIMEOUT + value: "30" + - name: TIMEOUT + value: "180" + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/faas/base/kustomization.yaml b/apps/faas/base/kustomization.yaml new file mode 100644 index 0000000..c669ec0 --- /dev/null +++ b/apps/faas/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: faas +resources: + - namespace.yaml + - export-reviews.yaml + - backend-service.yaml \ No newline at end of file diff --git a/apps/faas/base/namespace.yaml b/apps/faas/base/namespace.yaml new file mode 100644 index 0000000..67f60e9 
--- /dev/null
+++ b/apps/faas/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: faas
+ labels:
+ istio-injection: enabled
diff --git a/apps/faas/yc-k8s-test/kustomization.yaml b/apps/faas/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..85195ca
--- /dev/null
+++ b/apps/faas/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: frontend
diff --git a/apps/faas/yc-k8s-test/replicas.yaml b/apps/faas/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..b268ece
--- /dev/null
+++ b/apps/faas/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: faas
+spec:
+ replicas: 1
diff --git a/apps/flows/base/backend-deployment.yaml b/apps/flows/base/backend-deployment.yaml
new file mode 100644
index 0000000..36bea7d
--- /dev/null
+++ b/apps/flows/base/backend-deployment.yaml
@@ -0,0 +1,177 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: flows + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_2a439111 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ADMIN_PANEL_SECRET_KEY + valueFrom: + secretKeyRef: + key: key + name: admin-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public_key + name: jwt-secret + - name: LOG_LEVEL + value: DEBUG + - name: BASE_HOST + value: https://srx.wb.ru + - name: CELERY_QUEUE + value: flow + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000/api + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: "1" + - name: ENABLE_CELERY + value: "1" + - name: ENABLE_MAILGUN + value: "0" + - name: ENABLE_METRICS + value: "0" + - name: FROM_EMAIL + value: sarex@rwb.ru + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RESOURCE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: https://srx.wb.ru/flows/api/v1 + - name: SMTP_HOST + value: mail.rwb.ru + + - name: DOCUMENTATION_PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PORT + valueFrom: + secretKeyRef: + key: port + name: 
postgresql-secret-documentations + - name: DOCUMENTATION_PG_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret-documentations + - name: CHECKLIST_HOST + value: http://checklists-backend-service.checklists.svc.cluster.local:80 + - name: SMTP_PORT + value: "465" + - name: SYNC_RESOURCE_ID + value: "1" + - name: TIMEOUT + value: "120" + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: "60" + - name: DOCUMENTATION_TIMEOUT + value: "60" + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + key: token + name: django-secret + - name: PG_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PG_LOGIN + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: hostname + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred 
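Review bot: `LOG_LEVEL` is set to `DEBUG` for an image tagged `production_2a439111`, in a pod that also receives the database, RabbitMQ and Django token secrets through its environment. Depending on what the application logs at debug level, request bodies or connection strings may end up in the log pipeline; I would use `value: INFO` in the base and raise it from an overlay only when needed. `apps/flows/base/celery-deployment.yaml` carries the same setting.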
diff --git a/apps/flows/base/backend-service.yaml b/apps/flows/base/backend-service.yaml
new file mode 100644
index 0000000..7a8d196
--- /dev/null
+++ b/apps/flows/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-svc
+ namespace: flows
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/flows/base/celery-deployment.yaml b/apps/flows/base/celery-deployment.yaml
new file mode 100644
index 0000000..7eba7cb
--- /dev/null
+++ b/apps/flows/base/celery-deployment.yaml
@@ -0,0 +1,185 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: flows + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_2a439111 + imagePullPolicy: IfNotPresent + command: + - uv + args: + - run + - celery + - -A + - config + - worker + - -l + - info + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ADMIN_PANEL_SECRET_KEY + valueFrom: + secretKeyRef: + key: key + name: admin-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public_key + name: jwt-secret + - name: LOG_LEVEL + value: DEBUG + - name: BASE_HOST + value: https://srx.wb.ru + - name: CELERY_QUEUE + value: flow + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000/api + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: "1" + - name: ENABLE_CELERY + value: "1" + - name: ENABLE_MAILGUN + value: "0" + - name: ENABLE_METRICS + value: "0" + - name: FROM_EMAIL + value: sarex@rwb.ru + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RESOURCE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: https://srx.wb.ru/flows/api/v1 + - name: SMTP_HOST + value: mail.rwb.ru + - name: DOCUMENTATION_PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: 
postgresql-secret-documentations + - name: DOCUMENTATION_PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret-documentations + - name: CHECKLIST_HOST + value: http://checklists-backend-service.checklists.svc.cluster.local:80 + - name: SMTP_PORT + value: "465" + - name: SYNC_RESOURCE_ID + value: "1" + - name: TIMEOUT + value: "120" + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: "60" + - name: DOCUMENTATION_TIMEOUT + value: "60" + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + key: token + name: django-secret + - name: PG_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PG_LOGIN + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: hostname + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred 
diff --git a/apps/flows/base/frontend-deployment.yaml b/apps/flows/base/frontend-deployment.yaml
new file mode 100644
index 0000000..d9b357f
--- /dev/null
+++ b/apps/flows/base/frontend-deployment.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: flows
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/flows/base/frontend-service.yaml b/apps/flows/base/frontend-service.yaml
new file mode 100644
index 0000000..3157655
--- /dev/null
+++ b/apps/flows/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: flows
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/flows/base/kustomization.yaml b/apps/flows/base/kustomization.yaml
new file mode 100644
index 0000000..e197b54
--- /dev/null
+++ b/apps/flows/base/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flows
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - celery-deployment.yaml
+ - frontend-deployment.yaml
+ - backend-service.yaml
+ - frontend-service.yaml
diff --git a/apps/flows/base/namespace.yaml b/apps/flows/base/namespace.yaml
new file mode 100644
index 0000000..e3a5b8a
--- /dev/null
+++ b/apps/flows/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flows
+ labels:
+ istio-injection: enabled
diff --git a/apps/flows/yc-k8s-test/kustomization.yaml b/apps/flows/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/flows/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/flows/yc-k8s-test/postgresql.yaml b/apps/flows/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..b47f5c9
--- /dev/null
+++ b/apps/flows/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: flows +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: flows_db + user: 
flows + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/issues/base/backend-deployment.yaml b/apps/issues/base/backend-deployment.yaml new file mode 100644 index 0000000..f1b1bf0 --- /dev/null +++ b/apps/issues/base/backend-deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: issues + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + volumes: + - name: production-configmap + configMap: + name: production-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ENVIRONMENT + value: production + - name: AERO_PUBLIC_HOST + value: https://srx.wb.ru + - name: AERO_HOST + value: https://srx.wb.ru + - name: BASE_AERO_URL + value: https://srx.wb.ru + - name: BASE_AUTH_URL + value: http://backend.django.svc.cluster.local:8000 + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: WORKFLOWS_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: RESOURCES_API_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: SAREX_API + value: https://srx.wb.ru + - name: DOCUMENTATIONS_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + - 
name: SAREX_USERNAME + valueFrom: + secretKeyRef: + key: username + name: sarex-auth + - name: SAREX_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: sarex-auth + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + + + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: production-configmap + mountPath: /src/config/settings/production.py + subPath: production.py + imagePullSecrets: + - name: regcred diff --git a/apps/issues/base/backend-service.yaml b/apps/issues/base/backend-service.yaml new file mode 100644 index 0000000..d5d299e --- /dev/null +++ b/apps/issues/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: issues +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/issues/base/celery-deployment.yaml b/apps/issues/base/celery-deployment.yaml new file mode 100644 index 0000000..b2b7bfb 
--- /dev/null
+++ b/apps/issues/base/celery-deployment.yaml
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: issues + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + volumes: + - name: production-configmap + configMap: + name: production-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa + imagePullPolicy: IfNotPresent + command: ["celery", "-A", "config", "worker", "-l", "info", "-E"] + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ENVIRONMENT + value: production + - name: AERO_PUBLIC_HOST + value: https://srx.wb.ru + - name: AERO_HOST + value: https://srx.wb.ru + - name: BASE_AERO_URL + value: https://srx.wb.ru + - name: BASE_AUTH_URL + value: http://backend.django.svc.cluster.local:8000 + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: WORKFLOWS_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: RESOURCES_API_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: SAREX_API + value: https://srx.wb.ru + - name: DOCUMENTATIONS_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: DJANGO_BASIC_AUTH + 
valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: SAREX_USERNAME + valueFrom: + secretKeyRef: + key: username + name: sarex-auth + - name: SAREX_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: sarex-auth + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: production-configmap + mountPath: /src/config/settings/production.py + subPath: production.py + imagePullSecrets: + - name: regcred diff --git a/apps/issues/base/frontend-deployment.yaml b/apps/issues/base/frontend-deployment.yaml new file mode 100644 index 0000000..f58b577 --- /dev/null +++ b/apps/issues/base/frontend-deployment.yaml 
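Review bot: The `celery` container sets no `securityContext` and only `resources.requests`, so the worker runs as the image's default user with no CPU or memory ceiling while its environment holds the database, RabbitMQ, S3 and JWT signing credentials. Consider adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` on the container and a `limits:` block next to `requests:`, after confirming the image can run as a non-root user. The declared `containerPort: 8000` looks carried over from the backend Deployment; a worker started with `celery ... worker` presumably does not listen there, so the entry can probably be dropped. The same container shape recurs in other Deployments added by this commit, for example apps/resources/base/backend-deployment.yaml and apps/workspaces/base/backend-deployment.yaml.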
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: issues
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:716a2b73
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/issues/base/frontend-service.yaml b/apps/issues/base/frontend-service.yaml
new file mode 100644
index 0000000..14dfd0f
--- /dev/null
+++ b/apps/issues/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: issues
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/issues/base/kustomization.yaml b/apps/issues/base/kustomization.yaml
new file mode 100644
index 0000000..3ece763
--- /dev/null
+++ b/apps/issues/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: issues
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - celery-deployment.yaml
+ - frontend-deployment.yaml
+ - backend-service.yaml
+ - frontend-service.yaml
+ - production-configmap.yaml
diff --git a/apps/issues/base/namespace.yaml b/apps/issues/base/namespace.yaml
new file mode 100644
index 0000000..e798ce7
--- /dev/null
+++ b/apps/issues/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: issues
+ labels:
+ istio-injection: enabled
diff --git a/apps/issues/base/production-configmap.yaml b/apps/issues/base/production-configmap.yaml
new file mode 100644
index 0000000..c9ddd72
--- /dev/null
+++ b/apps/issues/base/production-configmap.yaml
@@ -0,0 +1,140 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: production-configmap + namespace: issues +data: + production.py: | + from datetime import timedelta + import os + from .base import * + + # DEBUG SETTINGS START + # ----------------------------------------------------------------------------- + DEBUG = True + # ----------------------------------------------------------------------------- + + TEST_MODE = False + + # SECRETS SETTINGS START + # ----------------------------------------------------------------------------- + SECRET_KEY = "FromToMuchLoveOfLiving" # Delete after Test + # ----------------------------------------------------------------------------- + + DJANGO_TOKEN="aGFnZW4wMTM6emVhbG90MDk2" + + # ALLOWED HOSTS START + # ----------------------------------------------------------------------------- + ALLOWED_HOSTS = ["*"] + # ----------------------------------------------------------------------------- + + # APPS SETTINGS START + # ----------------------------------------------------------------------------- + # INSTALLED_APPS += [ + # "django_extensions", + # ] + # ----------------------------------------------------------------------------- + + # DEBUG SETTINGS START + # ----------------------------------------------------------------------------- + DEBUG = False + # ----------------------------------------------------------------------------- + + REVIEW_HOST='http://backend-service.flows.svc.cluster.local:8000' + # ----------------------------------------------------------------------------- + # EXTERNAL SERVICES END + + WORKFLOWS_HOST = "http://workflows-api-service.workflow.svc.cluster.local:8000" + WORKFLOWS_URL = "http://workflows-api-service.workflow.svc.cluster.local:8000" + DOCUMENTATIONS_URL = "http://documentations-api.documentations.svc.cluster.local:8080" + RESOURCES_API_HOST = os.getenv("RESOURCES_API_HOST", default="http://resources-service.resources.svc.cluster:8000") + KAFKA_HOST = 
"wb-stage-kafka-bootstrap.kafka.svc.cluster.local:9093" + KAFKA_USERNAME = "sarex" + KAFKA_PASSWORD = "nK36sasvSfoItJnXQ4qxav2OUWIPX5ZC" + KAFKA_SSL_CAFILE = os.getenv("KAFKA_SSL_CAFILE", "/usr/local/share/ca-certificates/kafka.crt") + KAFKA_EAV_ASSETS_TOPIC = os.getenv("KAFKA_EAV_ASSETS_TOPIC", "sarex") + KAFKA_ISSUES_TOPIC = os.getenv("KAFKA_ISSUES_TOPIC", "sarex-issues") + + + USE_ASYNC_FUNCTIONS = True + USE_NOTIFICATIONS = True + + # JWT SETTINGS START + # --------------------------------------------------------------------------------------------------------------------- + SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer") + + SIMPLE_JWT = { + "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5), + "REFRESH_TOKEN_LIFETIME": timedelta(days=1), + "ROTATE_REFRESH_TOKENS": False, + "UPDATE_LAST_LOGIN": False, + + "ALGORITHM": "RS512", + "SIGNING_KEY": os.getenv("JWT_PRIVATE_KEY", default="").replace("\\n", "\n"), + "VERIFYING_KEY": os.getenv("JWT_PUBLIC_KEY").replace("\\n", "\n"), + "AUDIENCE": None, + "ISSUER": SIMPLE_JWT_ISSUER, + + "AUTH_HEADER_TYPES": ("Bearer",), + "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION", + "USER_ID_FIELD": "id", + "USER_ID_CLAIM": "user_id", + + "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",), + "TOKEN_TYPE_CLAIM": "token_type", + + "JTI_CLAIM": "jti", + + "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp", + "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5), + "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1), + } + # --------------------------------------------------------------------------------------------------------------------- + + CORS_ALLOWED_ORIGINS = [ + "https://lk.srx.wb.ru:30443", + ] + + CORS_TRUSTED_ORIGINS = [ + "https://lk.srx.wb.ru:30443", + ] + + CSRF_TRUSTED_ORIGINS = [ + "https://lk.srx.wb.ru:30443", + ] + + CORS_ALLOW_ALL_ORIGINS = True + ENABLE_MAILGUN=False + SMTP_PORT=465 + SMTP_HOST="mail.rwb.ru" + EMAIL_FROM="sarex@rwb.ru" + + CORS_ALLOW_METHODS = [ + "DELETE", + "GET", + 
"OPTIONS", + "PATCH", + "POST", + "PUT", + ] + + SAREX_API = "https://srx.wb.ru" + + AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API) + + BASE_AERO_URL = "http://backend.django.svc.cluster.local:8000" + + ENVIRONMENT = "production" + + SESSION_COOKIE_NAME = "issues-sessionid" + CSRF_COOKIE_NAME = "issues-csrftoken" + STATIC_URL = "/static/" + STORAGES = { + 'default': { + 'BACKEND': "storages.backends.s3boto3.S3Boto3Storage", + }, + 'staticfiles': { + # Leave whatever setting you already have here, e.g.: + 'BACKEND': "storages.backends.s3boto3.S3Boto3Storage", + } + } diff --git a/apps/issues/yc-k8s-test/kustomization.yaml b/apps/issues/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/issues/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/issues/yc-k8s-test/postgresql.yaml b/apps/issues/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..2a7a590 --- /dev/null +++ b/apps/issues/yc-k8s-test/postgresql.yaml 
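Review bot: `SECRET_KEY`, `DJANGO_TOKEN` and `KAFKA_PASSWORD` are written as literals inside the `production.py` key of a ConfigMap, so they sit unencrypted in git and are readable by anyone allowed to get ConfigMaps in the `issues` namespace; `DJANGO_TOKEN` is only base64-encoded, which is not protection. The file already reads the JWT keys from the environment, so these can follow the same pattern, e.g. `SECRET_KEY = os.environ["SECRET_KEY"]` and `KAFKA_PASSWORD = os.environ["KAFKA_PASSWORD"]`, with matching `secretKeyRef` entries in the Deployments that mount this file; the values committed here should be rotated, since they remain in history. apps/resources/base/django-configmap.yaml has the same problem with `SAREX_ADMIN_USERNAME` and `SAREX_ADMIN_PASSWORD`. Separately, the `VERIFYING_KEY` line calls `os.getenv("JWT_PUBLIC_KEY").replace(...)` with no default and so raises `AttributeError` at import when the variable is unset, unlike the `SIGNING_KEY` line, which passes `default=""`.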
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: issues +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: issues_db + 
user: issues + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/resources/base/backend-deployment.yaml b/apps/resources/base/backend-deployment.yaml new file mode 100644 index 0000000..4b763e5 --- /dev/null +++ b/apps/resources/base/backend-deployment.yaml 
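Review bot: `global.security.allowInsecureImages: true` together with `pullPolicy: Always` and the mutable tag `17.0.2` means the database pod runs whatever `contour/postgresql:17.0.2` resolves to at pull time, with the chart's image check switched off (assuming `postgresql-contour` follows the Bitnami convention for that flag). If the override is needed only because the image comes from a private registry, pinning the image by digest would bound that trade-off; whether this chart exposes a digest value needs checking. `auth:` also appears twice under `values` with identical content; indentation is not recoverable in this view, so confirm the two blocks sit at different levels, since a key duplicated at one level is silently last-wins in most parsers. The HelmReleases in apps/resources/yc-k8s-test/postgresql.yaml and apps/workspaces/yc-k8s-test/postgresql.yaml repeat both patterns.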
@@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: resources + labels: + app: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-resources:prod_d642ef88 + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + + env: + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + + + resources: + requests: + cpu: 100m + memory: 100Mi + + volumeMounts: + - name: django-configmap + mountPath: /server/config/settings/production.py + subPath: production.py + + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 20 + + 
imagePullSecrets: + - name: regcred \ No newline at end of file diff --git a/apps/resources/base/backend-service.yaml b/apps/resources/base/backend-service.yaml new file mode 100644 index 0000000..1215014 --- /dev/null +++ b/apps/resources/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: resources +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/resources/base/django-configmap.yaml b/apps/resources/base/django-configmap.yaml new file mode 100644 index 0000000..e7b33c9 --- /dev/null +++ b/apps/resources/base/django-configmap.yaml 
@@ -0,0 +1,93 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: resources +data: + production.py: | + import os + from .base import * + + # DEBUG SETTINGS + # ----------------------------------------------------------------------------- + DEBUG = False + # ----------------------------------------------------------------------------- + + # ALLOWED HOSTS + # ----------------------------------------------------------------------------- + ALLOWED_HOSTS = ['*'] + # ----------------------------------------------------------------------------- + + # SERVICE ACCOUNTS HOST + # ----------------------------------------------------------------------------- + SERVICE_ACCOUNTS_HOST = os.getenv( + "SERVICE_ACCOUNTS_HOST", + default="http://backend.django.svc.cluster.local:8000/api/core" + ) + # ----------------------------------------------------------------------------- + + # DATABASE CONFIGURATION + # ----------------------------------------------------------------------------- + POSTGRES_DATABASE = os.getenv("DATABASE_NAME") + POSTGRES_USER = os.getenv("DATABASE_USER") + POSTGRES_PASSWORD = os.getenv("DATABASE_PASSWORD") + POSTGRES_HOST = os.getenv("DATABASE_HOST") + POSTGRES_PORT = os.getenv("DATABASE_PORT") + + DATABASES = { + "default": { + "ENGINE": "django.contrib.gis.db.backends.postgis", + "NAME": POSTGRES_DATABASE, + "USER": POSTGRES_USER, + "PASSWORD": POSTGRES_PASSWORD, + "HOST": POSTGRES_HOST, + "PORT": POSTGRES_PORT, + } + } + # ----------------------------------------------------------------------------- + + # CORS SETTINGS + SAREX_ADMIN_USERNAME = "hagen013" + SAREX_ADMIN_PASSWORD = "zealot096" + SAREX_BASE_HOST = "http://backend.django.svc.cluster.local:8000" + # ----------------------------------------------------------------------------- + + CORS_ALLOWED_ORIGINS = [ + "https://localhost:8000", + "https://localhost:8080", + "https://wb.sarex.ru", + "https://wb.sarex.ru.lonsdaleites.ru", + "https://srx.wb.ru", + ] + + 
CSRF_TRUSTED_ORIGINS = [ + 'https://localhost:8000', + 'https://localhost:8080', + 'https://wb.sarex.ru', + "https://wb.sarex.ru", + ] + + CORS_ALLOW_ALL_ORIGINS = True + + CORS_ALLOW_METHODS = [ + "DELETE", + "GET", + "OPTIONS", + "PATCH", + "POST", + "PUT", + ] + # ----------------------------------------------------------------------------- + + # STATIC FILES + # ----------------------------------------------------------------------------- + STATIC_ROOT = "/static/" + STATIC_URL = "/static/" + STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage" + # ----------------------------------------------------------------------------- + + # COOKIE SETTINGS + # ----------------------------------------------------------------------------- + SESSION_COOKIE_NAME = "resource-sessionid" + CSRF_COOKIE_NAME = "resource-csrftoken" + # ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/apps/resources/base/kustomization.yaml b/apps/resources/base/kustomization.yaml new file mode 100644 index 0000000..149f532 --- /dev/null +++ b/apps/resources/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: resources +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - django-configmap.yaml diff --git a/apps/resources/base/namespace.yaml b/apps/resources/base/namespace.yaml new file mode 100644 index 0000000..5c2d001 --- /dev/null +++ b/apps/resources/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: resources + labels: + istio-injection: enabled diff --git a/apps/resources/yc-k8s-test/kustomization.yaml b/apps/resources/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..79e4c45 --- /dev/null +++ b/apps/resources/yc-k8s-test/kustomization.yaml 
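Review bot: `CORS_ALLOW_ALL_ORIGINS = True` makes the `CORS_ALLOWED_ORIGINS` list above it ineffective, because django-cors-headers (assuming that is the package these settings belong to) ignores the origin allow-list when the flag is set, so API responses become readable from scripts on any origin. Dropping the flag, or setting `CORS_ALLOW_ALL_ORIGINS = False`, lets the list be enforced; the `https://localhost:...` entries could then be removed from a production settings file. `ALLOWED_HOSTS = ['*']` likewise turns off Django's Host-header validation, so unless a gateway in front validates Host, list the service's real hostnames instead. apps/issues/base/production-configmap.yaml sets the same two values.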
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches:
+ - path: replicas.yaml
+ target:
+ kind: Deployment
+ name: comparisons
diff --git a/apps/resources/yc-k8s-test/postgresql.yaml b/apps/resources/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..432f999
--- /dev/null
+++ b/apps/resources/yc-k8s-test/postgresql.yaml
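Review bot: The patch target selects a Deployment named `comparisons`, but `../base` defines the Deployment as `backend` and `replicas.yaml` is itself written for `backend`, so as far as this diff shows the patch matches nothing and the replica override is never applied. The target should read `name: backend`. apps/workspaces/yc-k8s-test/kustomization.yaml carries the same `comparisons` target, and there `replicas.yaml` names `backend` while the base Deployment is `workspaces-api`, so both the target and the patch file need the real name.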
@@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: resources +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + requests: + memory: 512Mi + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: 
"pg_stat_statements,uuid-ossp,ltree,postgis" + databases: + - name: resources_db + user: resources + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file diff --git a/apps/resources/yc-k8s-test/replicas.yaml b/apps/resources/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..14eb0a8 --- /dev/null +++ b/apps/resources/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: resources +spec: + replicas: 1 diff --git a/apps/stamp-verification/base/deployment.yaml b/apps/stamp-verification/base/deployment.yaml new file mode 100644 index 0000000..99a1cbe --- /dev/null +++ b/apps/stamp-verification/base/deployment.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: stamp-verification + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + version: stable + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/stamp-verification-frontend:e11a8f90be462fc325ff99c8c35a8a418815c27b + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/stamp-verification/base/kustomization.yaml b/apps/stamp-verification/base/kustomization.yaml new file mode 100644 index 0000000..9549795 --- /dev/null +++ b/apps/stamp-verification/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: stamp-verification +resources: + - namespace.yaml + - deployment.yaml + - service.yaml diff --git a/apps/stamp-verification/base/namespace.yaml b/apps/stamp-verification/base/namespace.yaml new file mode 100644 index 0000000..650f68b --- /dev/null 
+++ b/apps/stamp-verification/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: stamp-verification
+ labels:
+ istio-injection: enabled
\ No newline at end of file
diff --git a/apps/stamp-verification/base/service.yaml b/apps/stamp-verification/base/service.yaml
new file mode 100644
index 0000000..cacabbd
--- /dev/null
+++ b/apps/stamp-verification/base/service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: stamp-verification
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/stamp-verification/yc-k8s-test/kustomization.yaml b/apps/stamp-verification/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..85195ca
--- /dev/null
+++ b/apps/stamp-verification/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: frontend
diff --git a/apps/stamp-verification/yc-k8s-test/replicas.yaml b/apps/stamp-verification/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..004c92f
--- /dev/null
+++ b/apps/stamp-verification/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: stamp-verification
+spec:
+ replicas: 1
diff --git a/apps/workspaces/base/backend-deployment.yaml b/apps/workspaces/base/backend-deployment.yaml
new file mode 100644
index 0000000..33cd497
--- /dev/null
+++ b/apps/workspaces/base/backend-deployment.yaml
@@ -0,0 +1,104 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workspaces-api + namespace: workspaces + labels: + app: workspaces-api +spec: + replicas: 1 + selector: + matchLabels: + app: workspaces-api + template: + metadata: + labels: + app: workspaces-api + spec: + containers: + - name: workspaces-api + image: cr.yandex/crp3ccidau046kdj8g9q/workspaces:prod_4961b1f1 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: POSTGRES_POOL_SIZE + value: "3" + - name: BUNDLES_RETRY_COUNT + value: "5" + - name: BUNDLES_NJOBS + value: "5" + - name: API_ADDRESS + value: 0.0.0.0:8000 + - name: NAMESPACE + value: workspaces + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_SSL + value: "0" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DOCUMENTATION_LOGGER_FEATURE + value: "0" + - name: DOCUMENTATION_ORIGINATOR + value: prod_ws + - name: ENVIRONMENT + value: prod + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: DJANGO_ORIGINATOR + value: docs_prod + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + + resources: + requests: + cpu: 100m + memory: 100Mi + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 
20 + imagePullSecrets: + - name: regcred diff --git a/apps/workspaces/base/backend-service.yaml b/apps/workspaces/base/backend-service.yaml new file mode 100644 index 0000000..046ddcd --- /dev/null +++ b/apps/workspaces/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: workspaces +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/workspaces/base/frontend-deployment.yaml b/apps/workspaces/base/frontend-deployment.yaml new file mode 100644 index 0000000..f718edf --- /dev/null +++ b/apps/workspaces/base/frontend-deployment.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: workspaces + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_7f95769f + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 20 + imagePullSecrets: + - name: regcred diff --git a/apps/workspaces/base/frontend-service.yaml b/apps/workspaces/base/frontend-service.yaml new file mode 100644 index 0000000..b09b11e --- /dev/null +++ b/apps/workspaces/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: workspaces +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP 
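Review bot: The `backend-service` selector is `app: backend`, but the pods created by backend-deployment.yaml in the same `workspaces` namespace are labelled `app: workspaces-api`, so the Service will have no endpoints and requests to it fail. Change the selector to `app: workspaces-api`, or relabel the Deployment's `matchLabels` and pod template together so all three agree.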
diff --git a/apps/workspaces/base/kustomization.yaml b/apps/workspaces/base/kustomization.yaml
new file mode 100644
index 0000000..363c25f
--- /dev/null
+++ b/apps/workspaces/base/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: workspaces
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - backend-service.yaml
+ - frontend-deployment.yaml
+ - frontend-service.yaml
diff --git a/apps/workspaces/base/namespace.yaml b/apps/workspaces/base/namespace.yaml
new file mode 100644
index 0000000..7790980
--- /dev/null
+++ b/apps/workspaces/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: workspaces
+ labels:
+ istio-injection: enabled
diff --git a/apps/workspaces/yc-k8s-test/kustomization.yaml b/apps/workspaces/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..79e4c45
--- /dev/null
+++ b/apps/workspaces/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches:
+ - path: replicas.yaml
+ target:
+ kind: Deployment
+ name: comparisons
diff --git a/apps/workspaces/yc-k8s-test/postgresql.yaml b/apps/workspaces/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..aa2979f
--- /dev/null
+++ b/apps/workspaces/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: workspaces
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ requests:
+ memory: 512Mi
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements,uuid-ossp"
+ databases:
+ - name: workspaces_db
+ user: workspaces
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
\ No newline at end of file
diff --git a/apps/workspaces/yc-k8s-test/replicas.yaml b/apps/workspaces/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..cc9af30
--- /dev/null
+++ b/apps/workspaces/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: workspaces
+spec:
+ replicas: 1
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index bd67acc..758ba1c 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -23,4 +23,13 @@ resources:
 - ../../apps/system-log/yc-k8s-test
 - ../../apps/remarks/yc-k8s-test
 - ../../apps/notes/yc-k8s-test
- - ../../apps/pm/yc-k8s-test
\ No newline at end of file
+ - ../../apps/pm/yc-k8s-test
+ - ../../apps/faas/yc-k8s-test
+ - ../../apps/stamp-verification/yc-k8s-test
+ - ../../apps/eav/yc-k8s-test
+ - ../../apps/resources/yc-k8s-test
+ - ../../apps/workspaces/yc-k8s-test
+ - ../../apps/cde/yc-k8s-test
+ - ../../apps/flows/yc-k8s-test
+ - ../../apps/issues/yc-k8s-test
+ - ../../apps/documentations/yc-k8s-test
\ No newline at end of file
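Review bot: In apps/workspaces/yc-k8s-test/postgresql.yaml, `allowInsecureImages: true` (under `security`) and `readOnlyRootFilesystem: false` (under `containerSecurityContext`) both relax chart-side hardening, and neither carries a comment saying why or for how long. If the first is only there because the image is pulled from `cr.yandex/crp3ccidau046kdj8g9q` instead of the chart's default registry, a one-line comment such as `# allowInsecureImages: required for the image mirrored in our registry (confirm); remove if the chart accepts it` would stop it being copied blindly into other overlays, and the writable root filesystem deserves the same treatment. The three probes also hard-code `-U "sarex"` while the only role declared under `databases` is `workspaces`; pg_isready reports status either way, but an unknown role makes the server log a failed connection attempt on every probe, so it is worth confirming that role exists. The indentation of this hunk is flattened on the page, so the nesting of these keys is inferred.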