From 3f6666aa66ce700712698845a3c75911503f72c3 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 12:29:50 +0500 Subject: [PATCH 01/23] ++ --- apps/faas/base/backend-service.yaml | 15 ++++++ apps/faas/base/export-reviews.yaml | 64 ++++++++++++++++++++++++ apps/faas/base/kustomization.yaml | 8 +++ apps/faas/base/namespace.yaml | 7 +++ apps/faas/yc-k8s-test/kustomization.yaml | 10 ++++ apps/faas/yc-k8s-test/replicas.yaml | 8 +++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 7 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 apps/faas/base/backend-service.yaml create mode 100644 apps/faas/base/export-reviews.yaml create mode 100644 apps/faas/base/kustomization.yaml create mode 100644 apps/faas/base/namespace.yaml create mode 100644 apps/faas/yc-k8s-test/kustomization.yaml create mode 100644 apps/faas/yc-k8s-test/replicas.yaml
diff --git a/apps/faas/base/backend-service.yaml b/apps/faas/base/backend-service.yaml
new file mode 100644
index 0000000..946f3b9
--- /dev/null
+++ b/apps/faas/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: export-reviews-svc
+ namespace: faas
+spec:
+ type: ClusterIP
+ selector:
+ app: export-reviews
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/faas/base/export-reviews.yaml b/apps/faas/base/export-reviews.yaml
new file mode 100644
index 0000000..53a1500
--- /dev/null
+++ b/apps/faas/base/export-reviews.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: export-reviews
+ namespace: faas
+ labels:
+ app: export-reviews
+ service: export-reviews
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: export-reviews
+ template:
+ metadata:
+ labels:
+ app: export-reviews
+ service: export-reviews
+ spec:
+ containers:
+ - name: api
+ image: cr.yandex/crp3ccidau046kdj8g9q/export-reviews:prod_c4cae4ee
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: BASE_HOST
+ value: https://sarex.contour.infra.sarex.tech
+ - name: DJANGO_HOST
+ value: https://sarex.contour.infra.sarex.tech
+ - name: REVIEWS_HOST
+ value: https://sarex.contour.infra.sarex.tech/flows
+ - name: GATEWAY_HOST
+ value: https://sarex.contour.infra.sarex.tech/gateway
+ - name: DOCUMENTATIONS_HOST
+ value: https://sarex.contour.infra.sarex.tech/documentations
+ - name: EAV_HOST
+ value: http://eav-service.eav.svc.cluster.local:8000
+ - name: TRANSMITTALS_INTERNAL_HOST
+ value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1
+ - name: DJANGO_TIMEOUT
+ value: "180"
+ - name: REVIEWS_TIMEOUT
+ value: "180"
+ - name: GATEWAY_TIMEOUT
+ value: "60"
+ - name: DOCUMENTATIONS_TIMEOUT
+ value: "60"
+ - name: EAV_TIMEOUT
+ value: "30"
+ - name: TRANSMITTALS_TIMEOUT
+ value: "30"
+ - name: TIMEOUT
+ value: "180"
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/faas/base/kustomization.yaml b/apps/faas/base/kustomization.yaml
new file mode 100644
index 0000000..c669ec0
--- /dev/null
+++ b/apps/faas/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: faas
+resources:
+ - namespace.yaml
+ - export-reviews.yaml
+ - backend-service.yaml
\ No newline at end of file
diff --git a/apps/faas/base/namespace.yaml b/apps/faas/base/namespace.yaml
new file mode 100644
index 0000000..67f60e9
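Review bot: The `api` container in apps/faas/base/export-reviews.yaml has no `securityContext` and no `resources.limits`, so it runs with whatever user and capabilities the image defaults to and its memory use is unbounded on the node; it also declares no liveness or readiness probe. The missing security context and limits are repeated in the Deployments added later in this series for stamp-verification, document-link, eav and resources. I would add a container-level security context and a memory limit as in the excerpt below; `runAsNonRoot: true` has to be confirmed against the user the image actually runs as before it is enabled. The image is also referenced by the mutable tag `prod_c4cae4ee` together with `imagePullPolicy: IfNotPresent`, so pinning it by digest would make the deployed content verifiable.

```yaml
        - name: api
          # … unchanged: image, imagePullPolicy, ports, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources:
            # … unchanged: requests …
            limits:
              memory: 1Gi
```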
--- /dev/null +++ b/apps/faas/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: faas + labels: + istio-injection: enabled diff --git a/apps/faas/yc-k8s-test/kustomization.yaml b/apps/faas/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/faas/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/faas/yc-k8s-test/replicas.yaml b/apps/faas/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..b268ece --- /dev/null +++ b/apps/faas/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: faas +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index bd67acc..07fb71c 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -23,4 +23,5 @@ resources: - ../../apps/system-log/yc-k8s-test - ../../apps/remarks/yc-k8s-test - ../../apps/notes/yc-k8s-test - - ../../apps/pm/yc-k8s-test \ No newline at end of file + - ../../apps/pm/yc-k8s-test + - ../../apps/faas/yc-k8s-test \ No newline at end of file From 79f24d2291b6a1c8fc22e92a999f81dfbe8df3c4 Mon Sep 17 00:00:00 2001 
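Review bot: apps/faas/yc-k8s-test/replicas.yaml patches a Deployment named `backend`, but the only Deployment the faas base defines is `export-reviews`, so this overlay cannot match anything if it is ever enabled. The commented-out entry in the neighbouring yc-k8s-test/kustomization.yaml targets `frontend`, which does not exist in this app either. Suggest `name: export-reviews` in both places, or dropping the unused file until a replica override is actually needed.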
From: ivan Date: Mon, 20 Apr 2026 12:46:56 +0500 Subject: [PATCH 02/23] ++ --- apps/stamp-verification/base/deployment.yaml | 33 +++++++++++++++++++ .../base/kustomization.yaml | 8 +++++ apps/stamp-verification/base/namespace.yaml | 7 ++++ apps/stamp-verification/base/service.yaml | 15 +++++++++ .../yc-k8s-test/kustomization.yaml | 10 ++++++ .../yc-k8s-test/replicas.yaml | 8 +++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 7 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 apps/stamp-verification/base/deployment.yaml create mode 100644 apps/stamp-verification/base/kustomization.yaml create mode 100644 apps/stamp-verification/base/namespace.yaml create mode 100644 apps/stamp-verification/base/service.yaml create mode 100644 apps/stamp-verification/yc-k8s-test/kustomization.yaml create mode 100644 apps/stamp-verification/yc-k8s-test/replicas.yaml diff --git a/apps/stamp-verification/base/deployment.yaml b/apps/stamp-verification/base/deployment.yaml new file mode 100644 index 0000000..99a1cbe --- /dev/null +++ b/apps/stamp-verification/base/deployment.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: stamp-verification + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + version: stable + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/stamp-verification-frontend:e11a8f90be462fc325ff99c8c35a8a418815c27b + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/stamp-verification/base/kustomization.yaml b/apps/stamp-verification/base/kustomization.yaml new file mode 100644 index 0000000..0646af2 --- /dev/null +++ b/apps/stamp-verification/base/kustomization.yaml 
@@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: remarks +resources: + - namespace.yaml + - deployment.yaml + - service.yaml diff --git a/apps/stamp-verification/base/namespace.yaml b/apps/stamp-verification/base/namespace.yaml new file mode 100644 index 0000000..650f68b --- /dev/null +++ b/apps/stamp-verification/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: stamp-verification + labels: + istio-injection: enabled \ No newline at end of file diff --git a/apps/stamp-verification/base/service.yaml b/apps/stamp-verification/base/service.yaml new file mode 100644 index 0000000..cacabbd --- /dev/null +++ b/apps/stamp-verification/base/service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: stamp-verification +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/stamp-verification/yc-k8s-test/kustomization.yaml b/apps/stamp-verification/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/stamp-verification/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/stamp-verification/yc-k8s-test/replicas.yaml b/apps/stamp-verification/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..004c92f --- /dev/null +++ b/apps/stamp-verification/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: stamp-verification +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 07fb71c..4cca31e 100644 --- a/clusters/yc-k8s-test/kustomization.yaml 
+++ b/clusters/yc-k8s-test/kustomization.yaml @@ -24,4 +24,5 @@ resources: - ../../apps/remarks/yc-k8s-test - ../../apps/notes/yc-k8s-test - ../../apps/pm/yc-k8s-test - - ../../apps/faas/yc-k8s-test \ No newline at end of file + - ../../apps/faas/yc-k8s-test + - ../../apps/stamp-verification/yc-k8s-test \ No newline at end of file From dd26e8a2424ee1c9d6d788f7a30b88248196eba1 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 12:50:20 +0500 Subject: [PATCH 03/23] ++ --- apps/stamp-verification/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/stamp-verification/base/kustomization.yaml b/apps/stamp-verification/base/kustomization.yaml index 0646af2..9549795 100644 --- a/apps/stamp-verification/base/kustomization.yaml +++ b/apps/stamp-verification/base/kustomization.yaml @@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: remarks +namespace: stamp-verification resources: - namespace.yaml - deployment.yaml From 9c36b4caa3c5cf6547397124e1a5b64b889ed5e8 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 12:56:58 +0500 Subject: [PATCH 04/23] ++ --- apps/document-link/base/deployment.yaml | 33 +++++++++++++++++++ apps/document-link/base/kustomization.yaml | 8 +++++ apps/document-link/base/namespace.yaml | 7 ++++ apps/document-link/base/service.yaml | 15 +++++++++ .../yc-k8s-test/kustomization.yaml | 10 ++++++ apps/document-link/yc-k8s-test/replicas.yaml | 8 +++++ 6 files changed, 81 insertions(+) create mode 100644 apps/document-link/base/deployment.yaml create mode 100644 apps/document-link/base/kustomization.yaml create mode 100644 apps/document-link/base/namespace.yaml create mode 100644 apps/document-link/base/service.yaml create mode 100644 apps/document-link/yc-k8s-test/kustomization.yaml create mode 100644 apps/document-link/yc-k8s-test/replicas.yaml 
diff --git a/apps/document-link/base/deployment.yaml b/apps/document-link/base/deployment.yaml
new file mode 100644
index 0000000..9768188
--- /dev/null
+++ b/apps/document-link/base/deployment.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: document-link
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ version: stable
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:wb_cb2027ce
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/document-link/base/kustomization.yaml b/apps/document-link/base/kustomization.yaml
new file mode 100644
index 0000000..649812b
--- /dev/null
+++ b/apps/document-link/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: document-link
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - service.yaml
diff --git a/apps/document-link/base/namespace.yaml b/apps/document-link/base/namespace.yaml
new file mode 100644
index 0000000..b63e16c
--- /dev/null
+++ b/apps/document-link/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: document-link
+ labels:
+ istio-injection: enabled
\ No newline at end of file
diff --git a/apps/document-link/base/service.yaml b/apps/document-link/base/service.yaml
new file mode 100644
index 0000000..8fca3f7
--- /dev/null
+++ b/apps/document-link/base/service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: document-link
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/document-link/yc-k8s-test/kustomization.yaml b/apps/document-link/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/document-link/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/document-link/yc-k8s-test/replicas.yaml b/apps/document-link/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..dc08800 --- /dev/null +++ b/apps/document-link/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: document-link +spec: + replicas: 1 From 9015487e7f0ca2b8c85c1839782aa76e4ae0e0fd Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 14:04:20 +0500 Subject: [PATCH 05/23] ++ --- apps/eav/base/backend-deployment.yaml | 110 ++++++++++++++ apps/eav/base/backend-service.yaml | 15 ++ apps/eav/base/django-configmap.yaml | 193 ++++++++++++++++++++++++ apps/eav/base/kustomization.yaml | 9 ++ apps/eav/base/namespace.yaml | 7 + apps/eav/yc-k8s-test/kustomization.yaml | 11 ++ apps/eav/yc-k8s-test/postgresql.yaml | 113 ++++++++++++++ apps/eav/yc-k8s-test/replicas.yaml | 8 + 8 files changed, 466 insertions(+) create mode 100644 apps/eav/base/backend-deployment.yaml create mode 100644 apps/eav/base/backend-service.yaml create mode 100644 apps/eav/base/django-configmap.yaml create mode 100644 apps/eav/base/kustomization.yaml create mode 100644 apps/eav/base/namespace.yaml create mode 100644 apps/eav/yc-k8s-test/kustomization.yaml create mode 100644 apps/eav/yc-k8s-test/postgresql.yaml create mode 100644 apps/eav/yc-k8s-test/replicas.yaml diff --git a/apps/eav/base/backend-deployment.yaml b/apps/eav/base/backend-deployment.yaml new file mode 100644 index 0000000..ff0a324 --- /dev/null +++ b/apps/eav/base/backend-deployment.yaml 
@@ -0,0 +1,110 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: eav
+ labels:
+ app: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: backend
+ template:
+ metadata:
+ labels:
+ app: backend
+ spec:
+ volumes:
+ defaultMode: 420
+ items:
+ - key: production.py
+ path: production.py
+ name: django-configmap
+ containers:
+ - name: backend
+ image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: KAFKA_ENABLED
+ value: "False"
+ - name: ASSETS_TOPIC
+ value: sarex
+ - name: DJANGO_SETTINGS_MODULE
+ value: config.settings.production
+ - name: DJANGO_POSTGRES_DATABASE
+ value: eav_db
+ - name: YC_S3_ENDPOINT_URL
+ value: http://minio-svc.minio.svc.cluster.local:9000
+ - name: YC_S3_BUCKET_NAME
+ value: eav
+ - name: DJANGO_POSTGRES_HOST
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: DJANGO_POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: DJANGO_POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DJANGO_POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: JWT_PRIVATE_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ssh_private.key
+ name: backend-secret
+ - name: JWT_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ssh_public.key
+ name: backend-secret
+ - name: YC_S3_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: login
+ name: s3-secret
+ - name: YC_S3_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: s3-secret
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ volumeMounts:
+ - mountPath: /server/config/settings/production.py
+ name: django-configmap
+ subPath: production.py
+
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ failureThreshold: 20
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/eav/base/backend-service.yaml b/apps/eav/base/backend-service.yaml
new file mode 100644
index 0000000..963c3f4
--- /dev/null
+++ b/apps/eav/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+ namespace: eav
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/eav/base/django-configmap.yaml b/apps/eav/base/django-configmap.yaml
new file mode 100644
index 0000000..c67bc9d
--- /dev/null
+++ b/apps/eav/base/django-configmap.yaml
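Review bot: `DJANGO_POSTGRES_PORT` is injected from `postgresql-secret` in apps/eav/base/backend-deployment.yaml, but the `production.py` added by this same commit sets `"PORT": "5432"` as a literal, so the port stored in the secret is never read. Either drop the env entry or change the setting to `"PORT": os.getenv("DJANGO_POSTGRES_PORT", "5432"),` so the two cannot drift apart.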
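Review bot: The Service in apps/eav/base/backend-service.yaml is named `backend-service`, which resolves as `backend-service.eav.svc.cluster.local`, whereas the export-reviews Deployment added in PATCH 01 sets `EAV_HOST` to `http://eav-service.eav.svc.cluster.local:8000`. Unless a Service called `eav-service` is created somewhere outside this series, that lookup will fail at runtime. Align one side, for example `value: http://backend-service.eav.svc.cluster.local:8000` in export-reviews.yaml.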
@@ -0,0 +1,193 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: eav +data: + production.py: | + # production.py + + + from .base import * + + from datetime import timedelta + + import os + + from django.core.exceptions import ImproperlyConfigured + + + INSTALLED_APPS.append("corsheaders") + + #MIDDLEWARE = ["corsheaders.middleware.CorsMiddleware"] + MIDDLEWARE + + + # DEBUG SETTINGS START + + # + --------------------------------------------------------------------------------------------------------------------- + + DEBUG = True + + ALLOWED_HOSTS = ['*'] + + # + --------------------------------------------------------------------------------------------------------------------- + + # DEBUG SETTINGS END + + + # DATABASE SETTINGS START + + # + --------------------------------------------------------------------------------------------------------------------- + + DATABASES = { + "default": { + "ENGINE": "django.db.backends.postgresql", + "NAME": os.getenv("DJANGO_POSTGRES_DATABASE"), + "USER": os.getenv("DJANGO_POSTGRES_USER"), + "PASSWORD": os.getenv("DJANGO_POSTGRES_PASSWORD"), + "HOST": os.getenv("DJANGO_POSTGRES_HOST"), + "PORT": "5432", + } + } + + # + --------------------------------------------------------------------------------------------------------------------- + + # DATABASE SETTINGS END + + + # RESPONSE HEADERS START + + # + --------------------------------------------------------------------------------------------------------------------- + + CORS_ORIGIN_ALLOW_ALL = True + + + CORS_ALLOWED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CORS_TRUSTED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CSRF_TRUSTED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CORS_ALLOW_METHODS = ( + 'DELETE', + 'GET', + 'OPTIONS', + 'PATCH', + 'POST', + 'PUT', + ) + + + CORS_ALLOW_HEADERS = ( + 'accept', + 'accept-encoding', + 'authorization', + 'content-type', + 'user-agent', + 'x-csrftoken', + 'x-requested-with', + 'x-token', + 'Bearer' + ) 
+ + # + --------------------------------------------------------------------------------------------------------------------- + + # RESPONSE HEADERS END + + + REST_FRAMEWORK = { + "DEFAULT_PAGINATION_CLASS": ( + "rest_framework.pagination.LimitOffsetPagination" + ), + "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema", + "PAGE_SIZE": 10000, + "DEFAULT_FILTER_BACKENDS": [ + "django_filters.rest_framework.DjangoFilterBackend" + ], + "DEFAULT_AUTHENTICATION_CLASSES": [ + "core.auth.ZitadelJWTAuthentication", + "rest_framework_simplejwt.authentication.JWTAuthentication", + "rest_framework.authentication.SessionAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + "DEFAULT_PERMISSION_CLASSES": [ + "rest_framework.permissions.AllowAny", + ] + } + + + # JWT SETTINGS START + + # + --------------------------------------------------------------------------------------------------------------------- + + def get_env_variable(var_name, default=None): + try: + return os.getenv(var_name, default) + except KeyError: + error_msg = f"Set the {var_name} environment variable" + if default: + return default + raise ImproperlyConfigured(error_msg) + + SIMPLE_JWT_ISSUER = get_env_variable("SIMPLE_JWT_ISSUER", default="django") + + + SIMPLE_JWT = { + "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5), + "REFRESH_TOKEN_LIFETIME": timedelta(days=1), + "ROTATE_REFRESH_TOKENS": False, + "UPDATE_LAST_LOGIN": False, + + "ALGORITHM": "RS512", + "SIGNING_KEY": get_env_variable("JWT_PRIVATE_KEY").replace("\\\n", "\n"), + "VERIFYING_KEY": get_env_variable("JWT_PUBLIC_KEY").replace("\\\n", "\n"), + "AUDIENCE": None, + "ISSUER": SIMPLE_JWT_ISSUER, + + "AUTH_HEADER_TYPES": ("Bearer",), + "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION", + "USER_ID_FIELD": "id", + "USER_ID_CLAIM": "user_id", + + "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",), + "TOKEN_TYPE_CLAIM": "token_type", + + "JTI_CLAIM": "jti", + + "SLIDING_TOKEN_REFRESH_EXP_CLAIM": 
"refresh_exp", + "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5), + "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1), + } + + # + --------------------------------------------------------------------------------------------------------------------- + + # JWT SETTINGS END + + + STATIC_ROOT = '/static/' + + STATIC_URL = '/static/' + + STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' + + + SESSION_COOKIE_NAME = 'eav-sessionid' + + CSRF_COOKIE_NAME = 'eav-csrftoken' diff --git a/apps/eav/base/kustomization.yaml b/apps/eav/base/kustomization.yaml new file mode 100644 index 0000000..f9a6541 --- /dev/null +++ b/apps/eav/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: eav +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - django-configmap.yaml diff --git a/apps/eav/base/namespace.yaml b/apps/eav/base/namespace.yaml new file mode 100644 index 0000000..0587374 --- /dev/null +++ b/apps/eav/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: eav + labels: + istio-injection: enabled diff --git a/apps/eav/yc-k8s-test/kustomization.yaml b/apps/eav/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..79e4c45 --- /dev/null +++ b/apps/eav/yc-k8s-test/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: + - path: replicas.yaml + target: + kind: Deployment + name: comparisons diff --git a/apps/eav/yc-k8s-test/postgresql.yaml b/apps/eav/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..8ed8238 --- /dev/null +++ b/apps/eav/yc-k8s-test/postgresql.yaml 
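Review bot: The settings module mounted as `production.py` ships `DEBUG = True`, `ALLOWED_HOSTS = ['*']`, `CORS_ORIGIN_ALLOW_ALL = True` and a DRF default of `rest_framework.permissions.AllowAny`; together these serve Django's debug error pages to any client, switch off Host-header validation, make the `CORS_ALLOWED_ORIGINS` list that follows irrelevant, and leave every view without an explicit permission class open to unauthenticated callers. I would flip these to restrictive defaults as in the excerpt below; the host value is a placeholder, and because the kubelet probes `/ping` by pod IP the probes will need a `Host` header (or the pod IP allowed) once `ALLOWED_HOSTS` is narrowed. `rest_framework.authentication.BasicAuthentication` is also enabled by default and is worth dropping unless a client depends on it. Separately, `get_env_variable` can never raise `ImproperlyConfigured`, because `os.getenv` returns `None` instead of raising `KeyError`, so a missing `JWT_PRIVATE_KEY` surfaces as an `AttributeError` on `.replace`.

```yaml
  production.py: |
    # … unchanged: imports, INSTALLED_APPS …
    DEBUG = False
    ALLOWED_HOSTS = ["<public-hostname>"]  # placeholder, not taken from the patch
    # … unchanged: DATABASES …
    CORS_ORIGIN_ALLOW_ALL = False
    # … unchanged: CORS/CSRF origin lists, other REST_FRAMEWORK keys …
        # views meant to be public (e.g. /ping) must then opt out explicitly
        "DEFAULT_PERMISSION_CLASSES": [
            "rest_framework.permissions.IsAuthenticated",
        ]
```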
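Review bot: The patch target `name: comparisons` in apps/eav/yc-k8s-test/kustomization.yaml does not match any resource in this app; the base Deployment and replicas.yaml are both named `backend`. Depending on the kustomize version the build either fails or silently skips the patch, so the replica override would never apply. Change the target to `name: backend`.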
@@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: eav
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ requests:
+ memory: 512Mi
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries:
"pg_stat_statements,uuid-ossp,ltree,postgis" + databases: + - name: eav_db + user: eav + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file diff --git a/apps/eav/yc-k8s-test/replicas.yaml b/apps/eav/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..bc22003 --- /dev/null +++ b/apps/eav/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: eav +spec: + replicas: 1 From d203bacdfb742d33d93e69aec89afa32ab38b13f Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 14:16:34 +0500 Subject: [PATCH 06/23] ++ --- clusters/yc-k8s-test/kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 4cca31e..a6c1325 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -25,4 +25,5 @@ resources: - ../../apps/notes/yc-k8s-test - ../../apps/pm/yc-k8s-test - ../../apps/faas/yc-k8s-test - - ../../apps/stamp-verification/yc-k8s-test \ No newline at end of file + - ../../apps/stamp-verification/yc-k8s-test + - ../../apps/eav/yc-k8s-test \ No newline at end of file From 955c3db1d1427fa6d52950886be1a35db3f8f8d0 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 14:20:56 +0500 Subject: [PATCH 07/23] ++ --- apps/eav/base/backend-deployment.yaml | 50 ++++++++++++++++++--------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/apps/eav/base/backend-deployment.yaml b/apps/eav/base/backend-deployment.yaml index ff0a324..d4e343d 100644 --- a/apps/eav/base/backend-deployment.yaml +++ b/apps/eav/base/backend-deployment.yaml @@ -1,4 +1,3 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: 
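Review bot: `global.security.allowInsecureImages: true` and `readOnlyRootFilesystem: false` under `primary.containerSecurityContext` in apps/eav/yc-k8s-test/postgresql.yaml both relax hardening defaults without a comment saying why. If this chart follows the Bitnami convention, the first flag only bypasses the check that rejects non-original images, which is expected for the `cr.yandex/...` mirror, but it makes that mirror the sole trust anchor while the image is pulled by the mutable tag `17.0.2` with `pullPolicy: Always`; pinning a digest would close that gap. Please add a short comment above each of the two settings, e.g. `# image is served from the private cr.yandex mirror, so the chart's original-image check must be bypassed`. It is also worth confirming that the three probes should run `pg_isready -U "sarex"` when both `auth.username` values are empty and the only declared database user is `eav`.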
@@ -17,19 +16,24 @@ spec: app: backend spec: volumes: - defaultMode: 420 - items: - - key: production.py - path: production.py - name: django-configmap + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: - name: backend image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247 imagePullPolicy: IfNotPresent + ports: - name: http containerPort: 8000 protocol: TCP + env: - name: KAFKA_ENABLED value: "False" @@ -43,53 +47,63 @@ spec: value: http://minio-svc.minio.svc.cluster.local:9000 - name: YC_S3_BUCKET_NAME value: eav + - name: DJANGO_POSTGRES_HOST valueFrom: secretKeyRef: - key: hostname name: postgresql-secret + key: hostname + - name: DJANGO_POSTGRES_USER valueFrom: secretKeyRef: - key: username name: postgresql-secret + key: username + - name: DJANGO_POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: password name: postgresql-secret + key: password + - name: DJANGO_POSTGRES_PORT valueFrom: secretKeyRef: - key: port name: postgresql-secret + key: port + - name: JWT_PRIVATE_KEY valueFrom: secretKeyRef: - key: ssh_private.key name: backend-secret + key: ssh_private.key + - name: JWT_PUBLIC_KEY valueFrom: secretKeyRef: - key: ssh_public.key name: backend-secret + key: ssh_public.key + - name: YC_S3_ACCESS_KEY_ID valueFrom: secretKeyRef: - key: login name: s3-secret + key: login + - name: YC_S3_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - key: password name: s3-secret + key: password + resources: requests: cpu: 100m memory: 100Mi + volumeMounts: - - mountPath: /server/config/settings/production.py - name: django-configmap + - name: django-configmap + mountPath: /server/config/settings/production.py subPath: production.py livenessProbe: @@ -99,6 +113,7 @@ spec: initialDelaySeconds: 10 periodSeconds: 60 failureThreshold: 10 + readinessProbe: httpGet: path: /ping 
@@ -106,5 +121,6 @@ spec: initialDelaySeconds: 5 periodSeconds: 5 failureThreshold: 20 + imagePullSecrets: - - name: regcred + - name: regcred \ No newline at end of file From f78783452d4ca8cfc391eba0a04e9ae02745238b Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 14:32:20 +0500 Subject: [PATCH 08/23] fix --- apps/eav/base/backend-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/eav/base/backend-deployment.yaml b/apps/eav/base/backend-deployment.yaml index d4e343d..d41653a 100644 --- a/apps/eav/base/backend-deployment.yaml +++ b/apps/eav/base/backend-deployment.yaml @@ -88,7 +88,7 @@ spec: valueFrom: secretKeyRef: name: s3-secret - key: login + key: username - name: YC_S3_SECRET_ACCESS_KEY valueFrom: From 8acd41cc5c76ee5464e46ad5b24995f0f4008328 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 14:34:56 +0500 Subject: [PATCH 09/23] fix --- apps/eav/base/django-configmap.yaml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/apps/eav/base/django-configmap.yaml b/apps/eav/base/django-configmap.yaml index c67bc9d..b610500 100644 --- a/apps/eav/base/django-configmap.yaml +++ b/apps/eav/base/django-configmap.yaml @@ -24,24 +24,15 @@ data: # DEBUG SETTINGS START - # - --------------------------------------------------------------------------------------------------------------------- - DEBUG = True ALLOWED_HOSTS = ['*'] - # - --------------------------------------------------------------------------------------------------------------------- - # DEBUG SETTINGS END # DATABASE SETTINGS START - # - --------------------------------------------------------------------------------------------------------------------- - DATABASES = { "default": { "ENGINE": "django.db.backends.postgresql", 
@@ -53,16 +44,11 @@ data: } } - # - --------------------------------------------------------------------------------------------------------------------- - # DATABASE SETTINGS END # RESPONSE HEADERS START - # - --------------------------------------------------------------------------------------------------------------------- CORS_ORIGIN_ALLOW_ALL = True @@ -104,9 +90,6 @@ data: 'Bearer' ) - # - --------------------------------------------------------------------------------------------------------------------- - # RESPONSE HEADERS END @@ -133,9 +116,6 @@ data: # JWT SETTINGS START - # - --------------------------------------------------------------------------------------------------------------------- - def get_env_variable(var_name, default=None): try: return os.getenv(var_name, default) @@ -175,8 +155,6 @@ data: "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1), } - # - --------------------------------------------------------------------------------------------------------------------- # JWT SETTINGS END From 8b883f73d9d6dc6fc09abd23127a0d5620aabb3a Mon Sep 17 00:00:00 2001 
From: ivan Date: Mon, 20 Apr 2026 14:47:36 +0500 Subject: [PATCH 10/23] fix --- apps/resources/base/backend-deployment.yaml | 116 ++++++++++++++++++ apps/resources/base/backend-service.yaml | 15 +++ apps/resources/base/django-configmap.yaml | 93 ++++++++++++++ apps/resources/base/kustomization.yaml | 9 ++ apps/resources/base/namespace.yaml | 7 ++ apps/resources/yc-k8s-test/kustomization.yaml | 11 ++ apps/resources/yc-k8s-test/postgresql.yaml | 113 +++++++++++++++++ apps/resources/yc-k8s-test/replicas.yaml | 8 ++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 9 files changed, 374 insertions(+), 1 deletion(-) create mode 100644 apps/resources/base/backend-deployment.yaml create mode 100644 apps/resources/base/backend-service.yaml create mode 100644 apps/resources/base/django-configmap.yaml create mode 100644 apps/resources/base/kustomization.yaml create mode 100644 apps/resources/base/namespace.yaml create mode 100644 apps/resources/yc-k8s-test/kustomization.yaml create mode 100644 apps/resources/yc-k8s-test/postgresql.yaml create mode 100644 apps/resources/yc-k8s-test/replicas.yaml diff --git a/apps/resources/base/backend-deployment.yaml b/apps/resources/base/backend-deployment.yaml new file mode 100644 index 0000000..4b763e5 --- /dev/null +++ b/apps/resources/base/backend-deployment.yaml 
@@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: resources + labels: + app: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-resources:prod_d642ef88 + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + + env: + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + + + resources: + requests: + cpu: 100m + memory: 100Mi + + volumeMounts: + - name: django-configmap + mountPath: /server/config/settings/production.py + subPath: production.py + + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 20 + + 
imagePullSecrets: + - name: regcred \ No newline at end of file diff --git a/apps/resources/base/backend-service.yaml b/apps/resources/base/backend-service.yaml new file mode 100644 index 0000000..1215014 --- /dev/null +++ b/apps/resources/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: resources +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/resources/base/django-configmap.yaml b/apps/resources/base/django-configmap.yaml new file mode 100644 index 0000000..e7b33c9 --- /dev/null +++ b/apps/resources/base/django-configmap.yaml 
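Review bot: The `backend` container in apps/resources/base/backend-deployment.yaml has no `securityContext`, so it runs with whatever user and capabilities the image defaults to, and privilege escalation is not disabled. A container-level block like the one below is the usual baseline; `runAsNonRoot: true` assumes the image can start as a non-root user, which is not visible from here and should be confirmed. The Deployments added later in this series (`workspaces-api`, `frontend` and the `cde*` workers) have the same gap. The container also sets `resources.requests` but no `limits`.

```yaml
      containers:
        - name: backend
          # … unchanged: image, ports, env, resources, volumeMounts, probes …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```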
@@ -0,0 +1,93 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: resources +data: + production.py: | + import os + from .base import * + + # DEBUG SETTINGS + # ----------------------------------------------------------------------------- + DEBUG = False + # ----------------------------------------------------------------------------- + + # ALLOWED HOSTS + # ----------------------------------------------------------------------------- + ALLOWED_HOSTS = ['*'] + # ----------------------------------------------------------------------------- + + # SERVICE ACCOUNTS HOST + # ----------------------------------------------------------------------------- + SERVICE_ACCOUNTS_HOST = os.getenv( + "SERVICE_ACCOUNTS_HOST", + default="http://backend.django.svc.cluster.local:8000/api/core" + ) + # ----------------------------------------------------------------------------- + + # DATABASE CONFIGURATION + # ----------------------------------------------------------------------------- + POSTGRES_DATABASE = os.getenv("DATABASE_NAME") + POSTGRES_USER = os.getenv("DATABASE_USER") + POSTGRES_PASSWORD = os.getenv("DATABASE_PASSWORD") + POSTGRES_HOST = os.getenv("DATABASE_HOST") + POSTGRES_PORT = os.getenv("DATABASE_PORT") + + DATABASES = { + "default": { + "ENGINE": "django.contrib.gis.db.backends.postgis", + "NAME": POSTGRES_DATABASE, + "USER": POSTGRES_USER, + "PASSWORD": POSTGRES_PASSWORD, + "HOST": POSTGRES_HOST, + "PORT": POSTGRES_PORT, + } + } + # ----------------------------------------------------------------------------- + + # CORS SETTINGS + SAREX_ADMIN_USERNAME = "hagen013" + SAREX_ADMIN_PASSWORD = "zealot096" + SAREX_BASE_HOST = "http://backend.django.svc.cluster.local:8000" + # ----------------------------------------------------------------------------- + + CORS_ALLOWED_ORIGINS = [ + "https://localhost:8000", + "https://localhost:8080", + "https://wb.sarex.ru", + "https://wb.sarex.ru.lonsdaleites.ru", + "https://srx.wb.ru", + ] + + 
CSRF_TRUSTED_ORIGINS = [ + 'https://localhost:8000', + 'https://localhost:8080', + 'https://wb.sarex.ru', + "https://wb.sarex.ru", + ] + + CORS_ALLOW_ALL_ORIGINS = True + + CORS_ALLOW_METHODS = [ + "DELETE", + "GET", + "OPTIONS", + "PATCH", + "POST", + "PUT", + ] + # ----------------------------------------------------------------------------- + + # STATIC FILES + # ----------------------------------------------------------------------------- + STATIC_ROOT = "/static/" + STATIC_URL = "/static/" + STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage" + # ----------------------------------------------------------------------------- + + # COOKIE SETTINGS + # ----------------------------------------------------------------------------- + SESSION_COOKIE_NAME = "resource-sessionid" + CSRF_COOKIE_NAME = "resource-csrftoken" + # ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/apps/resources/base/kustomization.yaml b/apps/resources/base/kustomization.yaml new file mode 100644 index 0000000..149f532 --- /dev/null +++ b/apps/resources/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: resources +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - django-configmap.yaml diff --git a/apps/resources/base/namespace.yaml b/apps/resources/base/namespace.yaml new file mode 100644 index 0000000..5c2d001 --- /dev/null +++ b/apps/resources/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: resources + labels: + istio-injection: enabled diff --git a/apps/resources/yc-k8s-test/kustomization.yaml b/apps/resources/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..79e4c45 --- /dev/null +++ b/apps/resources/yc-k8s-test/kustomization.yaml 
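Review bot: `SAREX_ADMIN_USERNAME` and `SAREX_ADMIN_PASSWORD` are written as literals inside `production.py`, which puts an admin credential in a ConfigMap and in git history, readable by anyone with repository access or ConfigMap read access in the namespace. Read them from the environment the way the database settings above do, e.g. `SAREX_ADMIN_PASSWORD = os.getenv("SAREX_ADMIN_PASSWORD")`, supply the value through a `secretKeyRef` in backend-deployment.yaml, and rotate the credential that was committed. Separately, assuming this is django-cors-headers, `CORS_ALLOW_ALL_ORIGINS = True` makes the `CORS_ALLOWED_ORIGINS` list above it ineffective, and `ALLOWED_HOSTS = ['*']` turns off Host-header validation. If the allow-list is what is intended, drop the former and list the real hostnames in the latter.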
@@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: + - path: replicas.yaml + target: + kind: Deployment + name: comparisons diff --git a/apps/resources/yc-k8s-test/postgresql.yaml b/apps/resources/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..432f999 --- /dev/null +++ b/apps/resources/yc-k8s-test/postgresql.yaml 
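Review bot: The patch `target` selects a Deployment named `comparisons`, but the only Deployment in `../base` is `backend`, and `replicas.yaml` itself names `backend`, so the replicas patch likely matches nothing. Change the target to `name: backend`. The same `comparisons` target is copied into apps/workspaces/yc-k8s-test/kustomization.yaml later in this series, where the base Deployments are `workspaces-api` and `frontend` and `replicas.yaml` again names `backend`.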
@@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: resources +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + requests: + memory: 512Mi + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: 
"pg_stat_statements,uuid-ossp,ltree,postgis" + databases: + - name: resources_db + user: resources + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file diff --git a/apps/resources/yc-k8s-test/replicas.yaml b/apps/resources/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..14eb0a8 --- /dev/null +++ b/apps/resources/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: resources +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index a6c1325..538e203 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -26,4 +26,5 @@ resources: - ../../apps/pm/yc-k8s-test - ../../apps/faas/yc-k8s-test - ../../apps/stamp-verification/yc-k8s-test - - ../../apps/eav/yc-k8s-test \ No newline at end of file + - ../../apps/eav/yc-k8s-test + - ../../apps/resources/yc-k8s-test \ No newline at end of file From 3784b270a07112abd2ddf9004c0c84d2b249a395 Mon Sep 17 00:00:00 2001 
From: ivan Date: Mon, 20 Apr 2026 15:38:46 +0500 Subject: [PATCH 11/23] ++ --- apps/workspaces/base/backend-deployment.yaml | 104 ++++++++++++++++ apps/workspaces/base/backend-service.yaml | 15 +++ apps/workspaces/base/frontend-deployment.yaml | 46 +++++++ apps/workspaces/base/frontend-service.yaml | 15 +++ apps/workspaces/base/kustomization.yaml | 10 ++ apps/workspaces/base/namespace.yaml | 7 ++ .../workspaces/yc-k8s-test/kustomization.yaml | 11 ++ apps/workspaces/yc-k8s-test/postgresql.yaml | 113 ++++++++++++++++++ apps/workspaces/yc-k8s-test/replicas.yaml | 8 ++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 10 files changed, 331 insertions(+), 1 deletion(-) create mode 100644 apps/workspaces/base/backend-deployment.yaml create mode 100644 apps/workspaces/base/backend-service.yaml create mode 100644 apps/workspaces/base/frontend-deployment.yaml create mode 100644 apps/workspaces/base/frontend-service.yaml create mode 100644 apps/workspaces/base/kustomization.yaml create mode 100644 apps/workspaces/base/namespace.yaml create mode 100644 apps/workspaces/yc-k8s-test/kustomization.yaml create mode 100644 apps/workspaces/yc-k8s-test/postgresql.yaml create mode 100644 apps/workspaces/yc-k8s-test/replicas.yaml diff --git a/apps/workspaces/base/backend-deployment.yaml b/apps/workspaces/base/backend-deployment.yaml new file mode 100644 index 0000000..33cd497 --- /dev/null +++ b/apps/workspaces/base/backend-deployment.yaml 
@@ -0,0 +1,104 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workspaces-api + namespace: workspaces + labels: + app: workspaces-api +spec: + replicas: 1 + selector: + matchLabels: + app: workspaces-api + template: + metadata: + labels: + app: workspaces-api + spec: + containers: + - name: workspaces-api + image: cr.yandex/crp3ccidau046kdj8g9q/workspaces:prod_4961b1f1 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: POSTGRES_POOL_SIZE + value: "3" + - name: BUNDLES_RETRY_COUNT + value: "5" + - name: BUNDLES_NJOBS + value: "5" + - name: API_ADDRESS + value: 0.0.0.0:8000 + - name: NAMESPACE + value: workspaces + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_SSL + value: "0" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DOCUMENTATION_LOGGER_FEATURE + value: "0" + - name: DOCUMENTATION_ORIGINATOR + value: prod_ws + - name: ENVIRONMENT + value: prod + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: DJANGO_ORIGINATOR + value: docs_prod + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + + resources: + requests: + cpu: 100m + memory: 100Mi + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 
20 + imagePullSecrets: + - name: regcred diff --git a/apps/workspaces/base/backend-service.yaml b/apps/workspaces/base/backend-service.yaml new file mode 100644 index 0000000..046ddcd --- /dev/null +++ b/apps/workspaces/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: workspaces +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/workspaces/base/frontend-deployment.yaml b/apps/workspaces/base/frontend-deployment.yaml new file mode 100644 index 0000000..f718edf --- /dev/null +++ b/apps/workspaces/base/frontend-deployment.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: workspaces + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_7f95769f + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 20 + imagePullSecrets: + - name: regcred diff --git a/apps/workspaces/base/frontend-service.yaml b/apps/workspaces/base/frontend-service.yaml new file mode 100644 index 0000000..b09b11e --- /dev/null +++ b/apps/workspaces/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: workspaces +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP 
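Review bot: In apps/workspaces/base/backend-service.yaml the selector is `app: backend`, but the pods created by backend-deployment.yaml in this namespace are labelled `app: workspaces-api`, so this Service will have no endpoints. Use `app: workspaces-api` in the selector, or relabel the Deployment to match.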
diff --git a/apps/workspaces/base/kustomization.yaml b/apps/workspaces/base/kustomization.yaml new file mode 100644 index 0000000..47414e4 --- /dev/null +++ b/apps/workspaces/base/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: comparisons +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - frontend-deployment.yaml + - frontend-service.yaml diff --git a/apps/workspaces/base/namespace.yaml b/apps/workspaces/base/namespace.yaml new file mode 100644 index 0000000..7790980 --- /dev/null +++ b/apps/workspaces/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: workspaces + labels: + istio-injection: enabled diff --git a/apps/workspaces/yc-k8s-test/kustomization.yaml b/apps/workspaces/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..79e4c45 --- /dev/null +++ b/apps/workspaces/yc-k8s-test/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: + - path: replicas.yaml + target: + kind: Deployment + name: comparisons diff --git a/apps/workspaces/yc-k8s-test/postgresql.yaml b/apps/workspaces/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..aa2979f --- /dev/null +++ b/apps/workspaces/yc-k8s-test/postgresql.yaml 
@@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: workspaces +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + requests: + memory: 512Mi + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: 
"pg_stat_statements,uuid-ossp" + databases: + - name: workspaces_db + user: workspaces + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file diff --git a/apps/workspaces/yc-k8s-test/replicas.yaml b/apps/workspaces/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..cc9af30 --- /dev/null +++ b/apps/workspaces/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: workspaces +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 538e203..115ead6 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -27,4 +27,5 @@ resources: - ../../apps/faas/yc-k8s-test - ../../apps/stamp-verification/yc-k8s-test - ../../apps/eav/yc-k8s-test - - ../../apps/resources/yc-k8s-test \ No newline at end of file + - ../../apps/resources/yc-k8s-test + - ../../apps/workspaces/yc-k8s-test \ No newline at end of file From e13f746fca236f95ff46c253ef56d70e80331465 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 15:41:31 +0500 Subject: [PATCH 12/23] ++ --- apps/workspaces/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/workspaces/base/kustomization.yaml b/apps/workspaces/base/kustomization.yaml index 47414e4..363c25f 100644 --- a/apps/workspaces/base/kustomization.yaml +++ b/apps/workspaces/base/kustomization.yaml @@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: comparisons +namespace: workspaces resources: - namespace.yaml - backend-deployment.yaml From c0f264438f25a524765a76f9b08ead3fc5206dc4 Mon Sep 17 00:00:00 2001 
From: ivan Date: Mon, 20 Apr 2026 16:01:05 +0500 Subject: [PATCH 13/23] ++ --- apps/cde/base/backend-service.yaml | 15 ++++++++++ apps/cde/base/cde-flowscallback.yaml | 40 +++++++++++++++++++++++++ apps/cde/base/cde-splitpdf.yaml | 40 +++++++++++++++++++++++++ apps/cde/base/cde.yaml | 40 +++++++++++++++++++++++++ apps/cde/base/kustomization.yaml | 11 +++++++ apps/cde/base/namespace.yaml | 7 +++++ apps/cde/yc-k8s-test/kustomization.yaml | 10 +++++++ apps/cde/yc-k8s-test/replicas.yaml | 8 +++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 9 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 apps/cde/base/backend-service.yaml create mode 100644 apps/cde/base/cde-flowscallback.yaml create mode 100644 apps/cde/base/cde-splitpdf.yaml create mode 100644 apps/cde/base/cde.yaml create mode 100644 apps/cde/base/kustomization.yaml create mode 100644 apps/cde/base/namespace.yaml create mode 100644 apps/cde/yc-k8s-test/kustomization.yaml create mode 100644 apps/cde/yc-k8s-test/replicas.yaml diff --git a/apps/cde/base/backend-service.yaml b/apps/cde/base/backend-service.yaml new file mode 100644 index 0000000..6a3f366 --- /dev/null +++ b/apps/cde/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: cde-svc + namespace: faas +spec: + type: ClusterIP + selector: + app: cde + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/cde/base/cde-flowscallback.yaml b/apps/cde/base/cde-flowscallback.yaml new file mode 100644 index 0000000..b9faab5 --- /dev/null +++ b/apps/cde/base/cde-flowscallback.yaml 
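Review bot: `metadata.namespace` in apps/cde/base/backend-service.yaml is `faas`, while every other manifest added under apps/cde uses `cde`. The `namespace: cde` field in apps/cde/base/kustomization.yaml should override it at build time, but the file is misleading when read on its own and would land in the wrong namespace if applied directly. Set `namespace: cde` here.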
@@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-flowscallback + namespace: cde + labels: + app: cde-flowscallback + service: cde-flowscallback +spec: + replicas: 1 + selector: + matchLabels: + app: cde-flowscallback + template: + metadata: + labels: + app: cde-flowscallback + service: cde-flowscallback + spec: + containers: + - name: cde-flowscallback + image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_3.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/cde/base/cde-splitpdf.yaml b/apps/cde/base/cde-splitpdf.yaml new file mode 100644 index 0000000..09bcce6 --- /dev/null +++ b/apps/cde/base/cde-splitpdf.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-splitpdf + namespace: cde + labels: + app: cde-splitpdf + service: cde-splitpdf +spec: + replicas: 1 + selector: + matchLabels: + app: cde-splitpdf + template: + metadata: + labels: + app: cde-splitpdf + service: cde-splitpdf + spec: + containers: + - name: cde-splitpdf + image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_3.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/cde/base/cde.yaml b/apps/cde/base/cde.yaml new file mode 100644 index 0000000..776f550 --- /dev/null +++ b/apps/cde/base/cde.yaml 
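Review bot: `envFrom` with `secretRef: cde-secret` injects every key of that Secret into the `cde-flowscallback` container. The same block is repeated in cde-splitpdf.yaml, cde.yaml and the `cde-worker-*` Deployments added in the following patches, so each worker holds all of the shared credentials even if it presumably needs only a subset. The contents of `cde-secret` are not visible here; if it mixes database, S3 and signing material, prefer per-workload Secrets or explicit `env` entries with `secretKeyRef` for the keys each worker actually reads.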
@@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde + namespace: cde + labels: + app: cde + service: cde +spec: + replicas: 1 + selector: + matchLabels: + app: cde + template: + metadata: + labels: + app: cde + service: cde + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/cde:preprod_ec474ae7 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/cde/base/kustomization.yaml b/apps/cde/base/kustomization.yaml new file mode 100644 index 0000000..a565596 --- /dev/null +++ b/apps/cde/base/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cde +resources: + - namespace.yaml + - cde-splitpdf.yaml + - cde.yaml + - cde-splitpdf.yaml + - backend-service.yaml + - cde-flowscallback.yaml \ No newline at end of file diff --git a/apps/cde/base/namespace.yaml b/apps/cde/base/namespace.yaml new file mode 100644 index 0000000..f080923 --- /dev/null +++ b/apps/cde/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cde + labels: + istio-injection: enabled diff --git a/apps/cde/yc-k8s-test/kustomization.yaml b/apps/cde/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/cde/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/cde/yc-k8s-test/replicas.yaml b/apps/cde/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..6982932 --- /dev/null +++ b/apps/cde/yc-k8s-test/replicas.yaml 
@@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: cde +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 115ead6..26a1925 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -28,4 +28,5 @@ resources: - ../../apps/stamp-verification/yc-k8s-test - ../../apps/eav/yc-k8s-test - ../../apps/resources/yc-k8s-test - - ../../apps/workspaces/yc-k8s-test \ No newline at end of file + - ../../apps/workspaces/yc-k8s-test + - ../../apps/cde/yc-k8s-test \ No newline at end of file From 81577d446e58098c7e0a21857558ae64f24aaea6 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 16:03:00 +0500 Subject: [PATCH 14/23] ++ --- apps/cde/base/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/cde/base/kustomization.yaml b/apps/cde/base/kustomization.yaml index a565596..f0e5249 100644 --- a/apps/cde/base/kustomization.yaml +++ b/apps/cde/base/kustomization.yaml @@ -4,7 +4,6 @@ kind: Kustomization namespace: cde resources: - namespace.yaml - - cde-splitpdf.yaml - cde.yaml - cde-splitpdf.yaml - backend-service.yaml From 6a3e22abf5b579f1c0361c2040a26ecf8861496a Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 16:06:39 +0500 Subject: [PATCH 15/23] ++ --- apps/cde/base/cde-worker-copy.yaml | 40 ++++++++++++++++++++++++++++++ apps/cde/base/kustomization.yaml | 3 ++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 apps/cde/base/cde-worker-copy.yaml diff --git a/apps/cde/base/cde-worker-copy.yaml b/apps/cde/base/cde-worker-copy.yaml new file mode 100644 index 0000000..caaf637 --- /dev/null +++ b/apps/cde/base/cde-worker-copy.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-worker-copy + namespace: cde + labels: + app: cde-worker-copy + service: cde-worker-copy +spec: + replicas: 1 + selector: + matchLabels: + app: cde-worker-copy + template: + metadata: + labels: + app: cde-worker-copy + service: cde-worker-copy + spec: + containers: + - name: cde-worker-copy + image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:preprod_fd483601 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/cde/base/kustomization.yaml b/apps/cde/base/kustomization.yaml index f0e5249..7a31be4 100644 --- a/apps/cde/base/kustomization.yaml +++ b/apps/cde/base/kustomization.yaml @@ -7,4 +7,5 @@ resources: - cde.yaml - cde-splitpdf.yaml - backend-service.yaml - - cde-flowscallback.yaml \ No newline at end of file + - cde-flowscallback.yaml + - cde-worker-copy.yaml \ No newline at end of file From 4b0358fbb1d3bf7c8f4ed4017c68d595a9144e13 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Apr 2026 16:18:33 +0500 Subject: [PATCH 16/23] fix --- apps/cde/base/cde-worker-create-versions.yaml | 40 +++++++++++++++++++ apps/cde/base/cde-worker-markings.yaml | 40 +++++++++++++++++++ apps/cde/base/cde-worker-sign.yaml | 40 +++++++++++++++++++ apps/cde/base/cde-worker-update-bundles.yaml | 40 +++++++++++++++++++ apps/cde/base/kustomization.yaml | 6 ++- 5 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 apps/cde/base/cde-worker-create-versions.yaml create mode 100644 apps/cde/base/cde-worker-markings.yaml create mode 100644 apps/cde/base/cde-worker-sign.yaml create mode 100644 apps/cde/base/cde-worker-update-bundles.yaml 
diff --git a/apps/cde/base/cde-worker-create-versions.yaml b/apps/cde/base/cde-worker-create-versions.yaml new file mode 100644 index 0000000..62deccd --- /dev/null +++ b/apps/cde/base/cde-worker-create-versions.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-worker-create-versions + namespace: cde + labels: + app: cde-worker-create-versions + service: cde-worker-create-versions +spec: + replicas: 1 + selector: + matchLabels: + app: cde-worker-create-versions + template: + metadata: + labels: + app: cde-worker-create-versions + service: cde-worker-create-versions + spec: + containers: + - name: cde-worker-create-versions + image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:preprod_ec474ae7 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/cde/base/cde-worker-markings.yaml b/apps/cde/base/cde-worker-markings.yaml new file mode 100644 index 0000000..5d2a206 --- /dev/null +++ b/apps/cde/base/cde-worker-markings.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-worker-markings + namespace: cde + labels: + app: cde-worker-markings + service: cde-worker-markings +spec: + replicas: 1 + selector: + matchLabels: + app: cde-worker-markings + template: + metadata: + labels: + app: cde-worker-markings + service: cde-worker-markings + spec: + containers: + - name: cde-worker-markings + image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:preprod_eb50f30e + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred 
diff --git a/apps/cde/base/cde-worker-sign.yaml b/apps/cde/base/cde-worker-sign.yaml new file mode 100644 index 0000000..2e08972 --- /dev/null +++ b/apps/cde/base/cde-worker-sign.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-worker-sign + namespace: cde + labels: + app: cde-worker-sign + service: cde-worker-sign +spec: + replicas: 1 + selector: + matchLabels: + app: cde-worker-sign + template: + metadata: + labels: + app: cde-worker-sign + service: cde-worker-sign + spec: + containers: + - name: cde-worker-sign + image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:preprod_fd483601 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/cde/base/cde-worker-update-bundles.yaml b/apps/cde/base/cde-worker-update-bundles.yaml new file mode 100644 index 0000000..4421daa --- /dev/null +++ b/apps/cde/base/cde-worker-update-bundles.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cde-worker-update-bundles + namespace: cde + labels: + app: cde-worker-update-bundles + service: cde-worker-update-bundles +spec: + replicas: 1 + selector: + matchLabels: + app: cde-worker-update-bundles + template: + metadata: + labels: + app: cde-worker-update-bundles + service: cde-worker-update-bundles + spec: + containers: + - name: cde-worker-update-bundles + image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_3.1.2 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: S3_IS_CONTOUR + value: "true" + envFrom: + - secretRef: + name: cde-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred 
diff --git a/apps/cde/base/kustomization.yaml b/apps/cde/base/kustomization.yaml index 7a31be4..18d33e8 100644 --- a/apps/cde/base/kustomization.yaml +++ b/apps/cde/base/kustomization.yaml @@ -8,4 +8,8 @@ resources: - cde-splitpdf.yaml - backend-service.yaml - cde-flowscallback.yaml - - cde-worker-copy.yaml \ No newline at end of file + - cde-worker-copy.yaml + - cde-worker-create-versions.yaml + - cde-worker-markings.yaml + - cde-worker-sign.yaml + - cde-worker-update-bundles.yaml \ No newline at end of file From 787f950359493c3567f85a854815917c00e42142 Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 13:48:42 +0500 Subject: [PATCH 17/23] fix --- apps/flows/base/backend-deployment.yaml | 188 +++++++++++++++++++++ apps/flows/base/backend-service.yaml | 15 ++ apps/flows/base/celery-deployment.yaml | 197 ++++++++++++++++++++++ apps/flows/base/frontend-deployment.yaml | 32 ++++ apps/flows/base/frontend-service.yaml | 15 ++ apps/flows/base/kustomization.yaml | 11 ++ apps/flows/base/namespace.yaml | 7 + apps/flows/yc-k8s-test/kustomization.yaml | 7 + apps/flows/yc-k8s-test/postgresql.yaml | 110 ++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 10 files changed, 584 insertions(+), 1 deletion(-) create mode 100644 apps/flows/base/backend-deployment.yaml create mode 100644 apps/flows/base/backend-service.yaml create mode 100644 apps/flows/base/celery-deployment.yaml create mode 100644 apps/flows/base/frontend-deployment.yaml create mode 100644 apps/flows/base/frontend-service.yaml create mode 100644 apps/flows/base/kustomization.yaml create mode 100644 apps/flows/base/namespace.yaml create mode 100644 apps/flows/yc-k8s-test/kustomization.yaml create mode 100644 apps/flows/yc-k8s-test/postgresql.yaml diff --git a/apps/flows/base/backend-deployment.yaml b/apps/flows/base/backend-deployment.yaml new file mode 100644 index 0000000..267789a --- /dev/null +++ b/apps/flows/base/backend-deployment.yaml 
@@ -0,0 +1,188 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: flows + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_2a439111 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ADMIN_PANEL_SECRET_KEY + valueFrom: + secretKeyRef: + key: key + name: admin-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public_key + name: jwt-secret + - name: LOG_LEVEL + value: DEBUG + - name: BASE_HOST + value: https://srx.wb.ru + - name: CELERY_QUEUE + value: flow + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000/api + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: "1" + - name: ENABLE_CELERY + value: "1" + - name: ENABLE_MAILGUN + value: "0" + - name: ENABLE_METRICS + value: "0" + - name: FROM_EMAIL + value: sarex@rwb.ru + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RESOURCE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: https://srx.wb.ru/flows/api/v1 + - name: SMTP_HOST + value: mail.rwb.ru + + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + + - name: 
DOCUMENTATION_PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret-documentations + - name: CHECKLIST_HOST + value: http://checklists-backend-service.checklists.svc.cluster.local:80 + - name: SMTP_PORT + value: "465" + - name: SYNC_RESOURCE_ID + value: "1" + - name: TIMEOUT + value: "120" + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: "60" + - name: DOCUMENTATION_TIMEOUT + value: "60" + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + key: token + name: django-secret + - name: PG_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PG_LOGIN + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: hostname + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + + resources: 
+ requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/flows/base/backend-service.yaml b/apps/flows/base/backend-service.yaml new file mode 100644 index 0000000..7a8d196 --- /dev/null +++ b/apps/flows/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: flows +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/flows/base/celery-deployment.yaml b/apps/flows/base/celery-deployment.yaml new file mode 100644 index 0000000..6961f48 --- /dev/null +++ b/apps/flows/base/celery-deployment.yaml 
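Review bot: `LOG_LEVEL` is set to `DEBUG` in the base manifest for an image tagged `production_2a439111`, and the same container receives `DJANGO_TOKEN`, `PG_PASSWORD` and `RABBITMQ_PASSWORD`. Debug-level output from web frameworks and HTTP or database clients often includes request headers, bodies and connection strings, so this setting may put credentials or user data into pod logs; whether this backend does so is not visible here. I would set `value: INFO` in the base and raise it only through a patch in the `yc-k8s-test` overlay while debugging. celery-deployment.yaml in this commit carries the same entry.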
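Review bot: This Service is named `backend-svc` and exposes port 80, but the documentations Deployments added in PATCH 19/23 set `FLOWS_URL` to `http://backend-service.flows.svc.cluster.local:8000`, which matches neither the name nor the port. Unless a Service called `backend-service` exists outside this patch, those calls will not resolve. Either rename here (`name: backend-service`, `port: 8000`) or point the callers at `http://backend-svc.flows.svc.cluster.local`, and add a comment above `ports:` such as `# clients use http://backend-svc.flows.svc.cluster.local (port 80)` so the two stay in step.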
@@ -0,0 +1,197 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: flows + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_2a439111 + imagePullPolicy: IfNotPresent + command: + - uv + args: + - run + - celery + - -A + - config + - worker + - -l + - info + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ADMIN_PANEL_SECRET_KEY + valueFrom: + secretKeyRef: + key: key + name: admin-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public_key + name: jwt-secret + - name: LOG_LEVEL + value: DEBUG + - name: BASE_HOST + value: https://srx.wb.ru + - name: CELERY_QUEUE + value: flow + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000/api + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: "1" + - name: ENABLE_CELERY + value: "1" + - name: ENABLE_MAILGUN + value: "0" + - name: ENABLE_METRICS + value: "0" + - name: FROM_EMAIL + value: sarex@rwb.ru + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RESOURCE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: https://srx.wb.ru/flows/api/v1 + - name: SMTP_HOST + value: mail.rwb.ru + + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + 
valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + + - name: DOCUMENTATION_PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret-documentations + - name: CHECKLIST_HOST + value: http://checklists-backend-service.checklists.svc.cluster.local:80 + - name: SMTP_PORT + value: "465" + - name: SYNC_RESOURCE_ID + value: "1" + - name: TIMEOUT + value: "120" + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: "60" + - name: DOCUMENTATION_TIMEOUT + value: "60" + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + key: token + name: django-secret + - name: PG_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PG_LOGIN + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: hostname + name: rabbitmq-secret + - name: RABBITMQ_PORT + 
valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/flows/base/frontend-deployment.yaml b/apps/flows/base/frontend-deployment.yaml new file mode 100644 index 0000000..d9b357f --- /dev/null +++ b/apps/flows/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: flows + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/flows/base/frontend-service.yaml b/apps/flows/base/frontend-service.yaml new file mode 100644 index 0000000..3157655 --- /dev/null +++ b/apps/flows/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: flows +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/flows/base/kustomization.yaml b/apps/flows/base/kustomization.yaml new file mode 100644 index 0000000..e197b54 --- /dev/null +++ b/apps/flows/base/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: flows +resources: + - namespace.yaml + - backend-deployment.yaml + - celery-deployment.yaml + - frontend-deployment.yaml + - backend-service.yaml + - frontend-service.yaml diff --git a/apps/flows/base/namespace.yaml b/apps/flows/base/namespace.yaml new file mode 100644 index 0000000..e3a5b8a --- /dev/null +++ b/apps/flows/base/namespace.yaml 
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flows
+ labels:
+ istio-injection: enabled
diff --git a/apps/flows/yc-k8s-test/kustomization.yaml b/apps/flows/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/flows/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/flows/yc-k8s-test/postgresql.yaml b/apps/flows/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..b47f5c9
--- /dev/null
+++ b/apps/flows/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: flows +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: flows_db + user: 
flows + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 26a1925..2e74715 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -29,4 +29,5 @@ resources: - ../../apps/eav/yc-k8s-test - ../../apps/resources/yc-k8s-test - ../../apps/workspaces/yc-k8s-test - - ../../apps/cde/yc-k8s-test \ No newline at end of file + - ../../apps/cde/yc-k8s-test + - ../../apps/flows/yc-k8s-test \ No newline at end of file From 084175b9a56d0f8fd2bf3229f446251a2fbd0946 Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 13:52:23 +0500 Subject: [PATCH 18/23] fix --- apps/flows/base/backend-deployment.yaml | 11 ----------- apps/flows/base/celery-deployment.yaml | 12 ------------ 2 files changed, 23 deletions(-) diff --git a/apps/flows/base/backend-deployment.yaml b/apps/flows/base/backend-deployment.yaml index 267789a..36bea7d 100644 --- a/apps/flows/base/backend-deployment.yaml +++ b/apps/flows/base/backend-deployment.yaml @@ -73,17 +73,6 @@ spec: value: https://srx.wb.ru/flows/api/v1 - name: SMTP_HOST value: mail.rwb.ru - - - name: PG_HOST - valueFrom: - secretKeyRef: - key: hostname - name: postgresql-secret - - name: PG_PORT - valueFrom: - secretKeyRef: - key: port - name: postgresql-secret - name: DOCUMENTATION_PG_HOST valueFrom: diff --git a/apps/flows/base/celery-deployment.yaml b/apps/flows/base/celery-deployment.yaml index 6961f48..7eba7cb 100644 --- a/apps/flows/base/celery-deployment.yaml +++ b/apps/flows/base/celery-deployment.yaml @@ -83,18 +83,6 @@ spec: value: https://srx.wb.ru/flows/api/v1 - name: SMTP_HOST value: mail.rwb.ru - - - name: PG_HOST - valueFrom: - secretKeyRef: - key: hostname - name: postgresql-secret - - name: PG_PORT - valueFrom: - secretKeyRef: - key: port - name: postgresql-secret - - name: DOCUMENTATION_PG_HOST valueFrom: secretKeyRef: 
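Review bot: The database image is referenced by tag only (`tag: 17.0.2`) with `pullPolicy: Always`, while `global.security.allowInsecureImages: true` is set; in the upstream Bitnami chart that flag disables the check on substituted images, and I assume `postgresql-contour` wraps that chart. Every pod restart therefore runs whatever the registry currently serves under that tag, with nothing in Git recording which image was reviewed. I would pin it with `digest: sha256:<digest of the reviewed image>` under `image:` if the chart exposes that value as the Bitnami chart does, and add `# needed because the image comes from cr.yandex, not the chart's default registry` above `allowInsecureImages`. `readOnlyRootFilesystem: false` in the same values also relaxes container hardening and deserves a comment saying why. apps/documentations/yc-k8s-test/postgresql.yaml in PATCH 19/23 repeats all of these settings.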
From 01b2c743bf7f4842cecaac78d5bc1c71722abbd6 Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 14:19:44 +0500 Subject: [PATCH 19/23] fix --- apps/documentations/base/api-deployment.yaml | 188 ++++++++++++++++++ apps/documentations/base/api-service.yaml | 15 ++ .../base/filestream-deployment.yaml | 188 ++++++++++++++++++ .../base/filestream-service.yaml | 15 ++ .../base/frontend-deployment.yaml | 32 +++ .../documentations/base/frontend-service.yaml | 15 ++ apps/documentations/base/kustomization.yaml | 12 ++ apps/documentations/base/namespace.yaml | 7 + .../yc-k8s-test/kustomization.yaml | 7 + .../yc-k8s-test/postgresql.yaml | 110 ++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 11 files changed, 591 insertions(+), 1 deletion(-) create mode 100644 apps/documentations/base/api-deployment.yaml create mode 100644 apps/documentations/base/api-service.yaml create mode 100644 apps/documentations/base/filestream-deployment.yaml create mode 100644 apps/documentations/base/filestream-service.yaml create mode 100644 apps/documentations/base/frontend-deployment.yaml create mode 100644 apps/documentations/base/frontend-service.yaml create mode 100644 apps/documentations/base/kustomization.yaml create mode 100644 apps/documentations/base/namespace.yaml create mode 100644 apps/documentations/yc-k8s-test/kustomization.yaml create mode 100644 apps/documentations/yc-k8s-test/postgresql.yaml diff --git a/apps/documentations/base/api-deployment.yaml b/apps/documentations/base/api-deployment.yaml new file mode 100644 index 0000000..7aa3014 --- /dev/null +++ b/apps/documentations/base/api-deployment.yaml 
@@ -0,0 +1,188 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: documentations-api + namespace: documentations + labels: + app: documentations-api + service: documentations-api +spec: + replicas: 1 + selector: + matchLabels: + app: documentations-api + template: + metadata: + labels: + app: documentations-api + service: documentations-api + spec: + volumes: + - name: documentations-yc-s3-secret + secret: + defaultMode: 420 + secretName: documentations-yc-s3 + - name: zitadel-account + secret: + defaultMode: 420 + secretName: zitadel-account + containers: + - name: documentations-api + image: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_a9990430 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: PUBLIC_KEY + valueFrom: + secretKeyRef: + key: key + name: public-key + - name: POSTGRES_POOL_SIZE + value: "20" + - name: ZITADEL_ACCOUNT + value: /etc/sarex/zitadel/zitadel-account.json + - name: ZITADEL_DOMAIN + value: zitadel-srx.wb.ru + - name: USE_ZITADEL + value: "1" + - name: FLOWS_URL + value: http://backend-service.flows.svc.cluster.local:8000 + - name: LAST_MASTER_BIM + value: "36311" + - name: API_ADDRESS + value: 0.0.0.0:8080 + - name: API_ADDRESS_FILE + value: 0.0.0.0:8080 + - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET + valueFrom: + secretKeyRef: + key: secret + name: yc-jwt-secret + - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES + value: "5" + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_SSL + value: "0" + - name: WORKSPACE_V2_EXTERNAL_URL + value: https://srx.wb.ru/workspaces-v2/ + - name: ENABLE_S3 + value: "1" + - name: CONTAINER_REGISTRY + value: cr.yandex/crp3ccidau046kdj8g9q + - name: ENVIRONMENT + value: production + - name: LAST_SLAVE_1_BIM + value: "1000000" + - name: HOST + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: FILE_STREAM_HOST + value: srx.wb.ru + - name: DOCUMENTATION_URL + value: 
http://documentations-api.documentations.svc.cluster.local:8080/ + - name: WORKFLOW_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000/ + - name: WORKSPACE_URL + value: http://workspaces-service.workspaces.svc.cluster.local:8000/ + - name: BIM_API_URL + value: http://bim-api-service.bim.svc.cluster.local:8080/ + - name: BIM_API_V2_URL + value: http://backend-service.bim.svc.cluster.local:8000/ + - name: WORKSPACE_BUNDLE_VERSION + value: v1 + - name: SYSTEM_LOG_URL + value: http://api-service.system-log.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: MARKS_PROCESSING_URL + value: http://marks-service:8000 + - name: PUBLIC_LINK_HOST + value: https://document-link-srx.wb.ru + - name: NAMESPACE + value: documentations + - name: DJANGO_ORIGINATOR + value: docs_prod + - name: WORKFLOW_IMAGES_VERSION + value: master + - name: WORKFLOWS_IMAGES_VERSION + value: master + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: READ_WRITE_TIMEOUT_FILE_STREAM + value: 6h + - name: CACHE_DEFAULT_EXPIRATION + value: 60s + - name: ENABLE_SMTP + value: "True" + - name: ENABLE_MAILGUN + value: "False" + - name: CACHE_CLEANUP_INTERVAL + value: 60s + - name: ENABLE_AUTH_JWT_IN_URL + value: "false" + - name: ENABLE_SIGNATURE_IN_URL + value: "true" + - name: USE_CACHE_IN_FILE_STREAMER + value: "0" + - name: VALKEY_ADDR + value: redis:6379 + - name: VALKEY_HOST + value: redis + - name: VALKEY_PORT + value: "6379" + + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: 
postgresql-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: DJANGO_BASIC_AUTH_FOR_GET_USER + valueFrom: + secretKeyRef: + key: key + name: django-auth + + + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - mountPath: /etc/sarex/yc-s3-storage + name: documentations-yc-s3-secret + readOnly: true + - mountPath: /etc/sarex/zitadel + name: zitadel-account + readOnly: true + + imagePullSecrets: + - name: regcred diff --git a/apps/documentations/base/api-service.yaml b/apps/documentations/base/api-service.yaml new file mode 100644 index 0000000..c7d1da1 --- /dev/null +++ b/apps/documentations/base/api-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-api-svc + namespace: documentations +spec: + type: ClusterIP + selector: + app: documentations-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/documentations/base/filestream-deployment.yaml b/apps/documentations/base/filestream-deployment.yaml new file mode 100644 index 0000000..13c5b2d --- /dev/null +++ b/apps/documentations/base/filestream-deployment.yaml 
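Review bot: Both secret volumes use `defaultMode: 420`, which is octal 0644, so the files mounted under `/etc/sarex/yc-s3-storage` and `/etc/sarex/zitadel` are readable by every user inside the container. Going by the `S3_SERVICE_ACCOUNT` and `ZITADEL_ACCOUNT` paths these are service-account key files that only the application process needs to read. `defaultMode: 256` (0400) is enough when the container runs as the file owner, or `defaultMode: 288` (0440) together with a pod-level `fsGroup` when it runs under another UID. filestream-deployment.yaml and the visible start of pdm-deployment.yaml declare the same two volumes with the same mode.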
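Review bot: `targetPort: 8000` does not match the address the container is configured to bind, since api-deployment.yaml sets `API_ADDRESS` to `0.0.0.0:8080`. The Service is also named `backend-api-svc` on port 80, while `HOST`, `DOCUMENTATION_URL` and the flows manifests all address `documentations-api.documentations.svc.cluster.local:8080`, so neither the name nor the port those callers use is provided here. If the process does listen on 8080, use `targetPort: 8080` (with `containerPort: 8080` in the Deployment) and align the Service name and port with those URLs. filestream-service.yaml has the same 8000 target against `API_ADDRESS_FILE: 0.0.0.0:8080`.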
@@ -0,0 +1,188 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: documentations-filestream + namespace: documentations + labels: + app: documentations-filestream + service: documentations-filestream +spec: + replicas: 1 + selector: + matchLabels: + app: documentations-filestream + template: + metadata: + labels: + app: documentations-filestream + service: documentations-filestream + spec: + volumes: + - name: documentations-yc-s3-secret + secret: + defaultMode: 420 + secretName: documentations-yc-s3 + - name: zitadel-account + secret: + defaultMode: 420 + secretName: zitadel-account + containers: + - name: documentations-filestream + image: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_a9990430 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: PUBLIC_KEY + valueFrom: + secretKeyRef: + key: key + name: public-key + - name: POSTGRES_POOL_SIZE + value: "20" + - name: ZITADEL_ACCOUNT + value: /etc/sarex/zitadel/zitadel-account.json + - name: ZITADEL_DOMAIN + value: zitadel-srx.wb.ru + - name: USE_ZITADEL + value: "1" + - name: FLOWS_URL + value: http://backend-service.flows.svc.cluster.local:8000 + - name: LAST_MASTER_BIM + value: "36311" + - name: API_ADDRESS + value: 0.0.0.0:8080 + - name: API_ADDRESS_FILE + value: 0.0.0.0:8080 + - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET + valueFrom: + secretKeyRef: + key: secret + name: yc-jwt-secret + - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES + value: "5" + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_SSL + value: "0" + - name: WORKSPACE_V2_EXTERNAL_URL + value: https://srx.wb.ru/workspaces-v2/ + - name: ENABLE_S3 + value: "1" + - name: CONTAINER_REGISTRY + value: cr.yandex/crp3ccidau046kdj8g9q + - name: ENVIRONMENT + value: production + - name: LAST_SLAVE_1_BIM + value: "1000000" + - name: HOST + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: FILE_STREAM_HOST + value: srx.wb.ru + - name: 
DOCUMENTATION_URL + value: http://documentations-api.documentations.svc.cluster.local:8080/ + - name: WORKFLOW_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000/ + - name: WORKSPACE_URL + value: http://workspaces-service.workspaces.svc.cluster.local:8000/ + - name: BIM_API_URL + value: http://bim-api-service.bim.svc.cluster.local:8080/ + - name: BIM_API_V2_URL + value: http://backend-service.bim.svc.cluster.local:8000/ + - name: WORKSPACE_BUNDLE_VERSION + value: v1 + - name: SYSTEM_LOG_URL + value: http://api-service.system-log.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: MARKS_PROCESSING_URL + value: http://marks-service:8000 + - name: PUBLIC_LINK_HOST + value: https://document-link-srx.wb.ru + - name: NAMESPACE + value: documentations + - name: DJANGO_ORIGINATOR + value: docs_prod + - name: WORKFLOW_IMAGES_VERSION + value: master + - name: WORKFLOWS_IMAGES_VERSION + value: master + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: READ_WRITE_TIMEOUT_FILE_STREAM + value: 6h + - name: CACHE_DEFAULT_EXPIRATION + value: 60s + - name: ENABLE_SMTP + value: "True" + - name: ENABLE_MAILGUN + value: "False" + - name: CACHE_CLEANUP_INTERVAL + value: 60s + - name: ENABLE_AUTH_JWT_IN_URL + value: "false" + - name: ENABLE_SIGNATURE_IN_URL + value: "true" + - name: USE_CACHE_IN_FILE_STREAMER + value: "0" + - name: VALKEY_ADDR + value: redis:6379 + - name: VALKEY_HOST + value: redis + - name: VALKEY_PORT + value: "6379" + + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + 
secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: DJANGO_BASIC_AUTH_FOR_GET_USER + valueFrom: + secretKeyRef: + key: key + name: django-auth + + + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - mountPath: /etc/sarex/yc-s3-storage + name: documentations-yc-s3-secret + readOnly: true + - mountPath: /etc/sarex/zitadel + name: zitadel-account + readOnly: true + + imagePullSecrets: + - name: regcred diff --git a/apps/documentations/base/filestream-service.yaml b/apps/documentations/base/filestream-service.yaml new file mode 100644 index 0000000..8ec4d34 --- /dev/null +++ b/apps/documentations/base/filestream-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-filestream-svc + namespace: documentations +spec: + type: ClusterIP + selector: + app: documentations-filestream + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/documentations/base/frontend-deployment.yaml b/apps/documentations/base/frontend-deployment.yaml new file mode 100644 index 0000000..c190637 --- /dev/null +++ b/apps/documentations/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: documentations + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/documentations/base/frontend-service.yaml b/apps/documentations/base/frontend-service.yaml new file mode 100644 index 0000000..f4ad089 --- /dev/null 
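Review bot: The `env` list in filestream-deployment.yaml appears to be an entry-for-entry copy of the one in api-deployment.yaml, including `DOCUMENT_PUBLIC_LINK_JWT_SECRET` and both `DJANGO_BASIC_AUTH*` entries. Two hand-maintained copies will drift, and the copy hands the file streamer every credential the API has without showing which ones it reads. I would move the shared literal values into one ConfigMap referenced from both Deployments, `envFrom: [{configMapRef: {name: <shared-config-name>}}]` (placeholder name), and keep in each Deployment only the `secretKeyRef` entries that component uses.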
+++ b/apps/documentations/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/documentations/base/kustomization.yaml b/apps/documentations/base/kustomization.yaml
new file mode 100644
index 0000000..dc13a96
--- /dev/null
+++ b/apps/documentations/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: documentations
+resources:
+ - namespace.yaml
+ - api-deployment.yaml
+ - filestream-deployment.yaml
+ - frontend-deployment.yaml
+ - api-service.yaml
+ - filestream-service.yaml
+ - frontend-service.yaml
diff --git a/apps/documentations/base/namespace.yaml b/apps/documentations/base/namespace.yaml
new file mode 100644
index 0000000..1f0a0fd
--- /dev/null
+++ b/apps/documentations/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: documentations
+ labels:
+ istio-injection: enabled
diff --git a/apps/documentations/yc-k8s-test/kustomization.yaml b/apps/documentations/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/documentations/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/documentations/yc-k8s-test/postgresql.yaml b/apps/documentations/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..ec3b708
--- /dev/null
+++ b/apps/documentations/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: documentations +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements,ltree,timescaledb,uuid-ossp" + 
databases: + - name: documentations_db + user: documentations + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 2e74715..87a5fbd 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -30,4 +30,5 @@ resources: - ../../apps/resources/yc-k8s-test - ../../apps/workspaces/yc-k8s-test - ../../apps/cde/yc-k8s-test - - ../../apps/flows/yc-k8s-test \ No newline at end of file + - ../../apps/flows/yc-k8s-test + - ../../apps/documentations/yc-k8s-test \ No newline at end of file From 5b21d9c4388f09e2d7e095916ddcade7eb7847c8 Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 15:39:38 +0500 Subject: [PATCH 20/23] ++ --- apps/documentations/base/kustomization.yaml | 2 + apps/documentations/base/pdm-deployment.yaml | 198 +++++++++++++++++++ apps/documentations/base/pdm-service.yaml | 15 ++ 3 files changed, 215 insertions(+) create mode 100644 apps/documentations/base/pdm-deployment.yaml create mode 100644 apps/documentations/base/pdm-service.yaml diff --git a/apps/documentations/base/kustomization.yaml b/apps/documentations/base/kustomization.yaml index dc13a96..342acc4 100644 --- a/apps/documentations/base/kustomization.yaml +++ b/apps/documentations/base/kustomization.yaml @@ -5,8 +5,10 @@ namespace: documentations resources: - namespace.yaml - api-deployment.yaml + - pdm-deployment.yaml - filestream-deployment.yaml - frontend-deployment.yaml - api-service.yaml + - pdm-service.yaml - filestream-service.yaml - frontend-service.yaml diff --git a/apps/documentations/base/pdm-deployment.yaml b/apps/documentations/base/pdm-deployment.yaml new file mode 100644 index 0000000..368a298 --- /dev/null +++ b/apps/documentations/base/pdm-deployment.yaml 
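Review bot: `sharedPreloadLibraries` lists `ltree` and `uuid-ossp` next to `pg_stat_statements` and `timescaledb`, while the `extensions` list of `documentations_db` is left as `[]`. `ltree` and `uuid-ossp` are ordinary extensions enabled per database with `CREATE EXTENSION`; they do not need preloading, and naming them in the preload setting does not create them in the database. Assuming the `postgresql-contour` chart maps these two values onto `shared_preload_libraries` and per-database extension creation (its templates are not in this patch), I would write `sharedPreloadLibraries: "pg_stat_statements,timescaledb"` and `extensions: ["ltree", "uuid-ossp", "timescaledb"]`.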
@@ -0,0 +1,198 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pdm-api + namespace: documentations + labels: + app: pdm-api + service: pdm-api +spec: + replicas: 1 + selector: + matchLabels: + app: pdm-api + template: + metadata: + labels: + app: pdm-api + service: pdm-api + spec: + volumes: + - name: documentations-yc-s3-secret + secret: + defaultMode: 420 + secretName: documentations-yc-s3 + - name: zitadel-account + secret: + defaultMode: 420 + secretName: zitadel-account + containers: + - name: pdm-api + image: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_38958427 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + protocol: TCP + env: + - name: USE_EXPERIMENTAL + value: "true" + - name: RELEASES_TOKEN + valueFrom: + secretKeyRef: + key: key + name: releases-token + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_POOL_SIZE + value: "20" + - name: TRANSMITTALS_BASE_URL + value: mock + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: PUBLIC_KEY + valueFrom: + secretKeyRef: + key: key + name: public-key + - name: API_ADDRESS + value: 0.0.0.0:8080 + - name: API_ADDRESS_FILE + value: 0.0.0.0:8080 + - name: BUCKET_NAME + value: attachments-storage + - name: API_HOST_PREFIX + value: / + - name: APP_NAME + value: pdm_v2 + - name: APP_VERSION + value: 0.0.1 + - name: ENABLE_PERMISSIONS_FILTER + value: "1" + - name: PERMISSIONS_FILTER_COMPANIES + value: '[1]' + - name: TRANSMITTALS_ENABLE + value: "false" + - name: DRAWINGS_INTERNAL_URL + value: 
http://drawings-api-service.drawings.svc.cluster.local:80 + - name: ATTACHMENTS_URL + value: http://attachments-service.attachments.svc.cluster.local:8000 + - name: BIM_API_V2_URL + value: http://backend-service.bim.svc.cluster.local:8000/ + - name: BIM_V2_HOST + value: http://backend-service.bim.svc.cluster.local:8000/ + - name: CACHE_CLEANUP_INTERVAL + value: 60s + - name: CACHE_DEFAULT_EXPIRATION + value: 60s + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: DJANGO_ORIGINATOR + value: docs_prod + - name: DOCUMENTATION_URL + value: http://documentations-api.documentations.svc.cluster.local:8080/ + - name: EAV_URL + value: http://eav-service.eav.svc.cluster.local:8000 + - name: ENABLE_OBSERVABILITY + value: "false" + - name: ENABLE_S3 + value: "1" + - name: ENABLE_SSL + value: "0" + - name: ENVIRONMENT + value: prod + - name: FLOWS_URL + value: http://backend-service.flows.svc.cluster.local:8000 + - name: HEIGHT_THUMB_ATTACHMENTS + value: "300" + - name: HEIGHT_THUMB_STATES + value: "73" + - name: HTTP_PORT + value: "8080" + - name: INSPECTIONS_URL + value: http://inspections-service.inspections.svc.cluster.local:80 + - name: LOG_LEVEL + value: INFO + - name: NOTES_URL + - name: OBSERVABILITY_COLLECTOR_ENDPOINT + value: temp + - name: READ_WRITE_TIMEOUT_FILE_STREAM + value: 6h + - name: RELEASES_URL + value: https://gitlab.com + - name: REMARKS_URL + value: http://remarks-static-service.remarks.svc.cluster.local:8080/remarks + - name: RESOURCES_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: STATES_URL + value: http://workspaces-service.workspaces.svc.cluster.local:8000/ + - name: SUBSCRIPTIONS_URL + value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80 + - name: SYSTEM_LOG_URL + value: http://api-service.system-log.svc.cluster.local:8000 + - name: TARGET_URL + value: 
http://backend.django.svc.cluster.local:8000 + - name: USE_CACHE_IN_FILE_STREAMER + value: "1" + - name: USE_SUBSCRIPTIONS + value: "false" + - name: WIDTH_THUMB_ATTACHMENTS + value: "300" + - name: WIDTH_THUMB_STATES + value: "120" + - name: WORKFLOWS_IMAGES_VERSION + value: master + - name: WORKFLOW_IMAGES_VERSION + value: master + - name: WORKFLOW_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000/ + - name: WORKSPACE_BUNDLE_VERSION + value: v1 + - name: WORKSPACE_URL + value: http://workspaces-service.workspaces.svc.cluster.local:8000/ + + + + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - mountPath: /etc/sarex/yc-s3-storage + name: documentations-yc-s3-secret + readOnly: true + - mountPath: /etc/sarex/zitadel + name: zitadel-account + readOnly: true + + imagePullSecrets: + - name: regcred diff --git a/apps/documentations/base/pdm-service.yaml b/apps/documentations/base/pdm-service.yaml new file mode 100644 index 0000000..b978673 --- /dev/null +++ b/apps/documentations/base/pdm-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: pdm-svc + namespace: documentations +spec: + type: ClusterIP + selector: + app: pdm-api + ports: + - name: http + port: 80 + targetPort: 8080 + protocol: TCP From e003faeda2438c753f73cb6ba419333d1a95fae8 Mon Sep 17 00:00:00 2001 
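Review bot: The `pdm-api` container has no `securityContext`, although the pod mounts the `documentations-yc-s3` and `zitadel-account` secrets and reads database credentials from `postgresql-secret`. The process therefore runs with whatever user, capabilities and privilege-escalation settings the image and runtime default to. I would add a container-level block like the one below. Whether the `pdmv2` image already runs as a non-root user is not visible in this hunk, so `runAsNonRoot` has to be checked against the image first. The `backend`, `celery` and `frontend` Deployments added under `apps/issues/base/` in the next patch have the same gap.

```yaml
        - name: pdm-api
          # … unchanged: image, ports, env, resources, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```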
From: ivan Date: Tue, 21 Apr 2026 15:49:58 +0500 Subject: [PATCH 21/23] ++ --- apps/issues/base/backend-deployment.yaml | 153 +++++++++++++++++++++ apps/issues/base/backend-service.yaml | 15 ++ apps/issues/base/celery-deployment.yaml | 153 +++++++++++++++++++++ apps/issues/base/frontend-deployment.yaml | 32 +++++ apps/issues/base/frontend-service.yaml | 15 ++ apps/issues/base/kustomization.yaml | 11 ++ apps/issues/base/namespace.yaml | 7 + apps/issues/yc-k8s-test/kustomization.yaml | 7 + apps/issues/yc-k8s-test/postgresql.yaml | 110 +++++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 1 + 10 files changed, 504 insertions(+) create mode 100644 apps/issues/base/backend-deployment.yaml create mode 100644 apps/issues/base/backend-service.yaml create mode 100644 apps/issues/base/celery-deployment.yaml create mode 100644 apps/issues/base/frontend-deployment.yaml create mode 100644 apps/issues/base/frontend-service.yaml create mode 100644 apps/issues/base/kustomization.yaml create mode 100644 apps/issues/base/namespace.yaml create mode 100644 apps/issues/yc-k8s-test/kustomization.yaml create mode 100644 apps/issues/yc-k8s-test/postgresql.yaml diff --git a/apps/issues/base/backend-deployment.yaml b/apps/issues/base/backend-deployment.yaml new file mode 100644 index 0000000..82dd516 --- /dev/null +++ b/apps/issues/base/backend-deployment.yaml 
@@ -0,0 +1,153 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: issues + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ENVIRONMENT + value: production + - name: AERO_PUBLIC_HOST + value: https://srx.wb.ru + - name: AERO_HOST + value: https://srx.wb.ru + - name: BASE_AERO_URL + value: https://srx.wb.ru + - name: BASE_AUTH_URL + value: http://backend.django.svc.cluster.local:8000 + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: WORKFLOWS_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: RESOURCES_API_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: SAREX_API + value: https://srx.wb.ru + - name: DOCUMENTATIONS_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: SAREX_USERNAME + valueFrom: + secretKeyRef: + key: username + name: sarex-auth + - name: SAREX_PASSWORD + valueFrom: + secretKeyRef: + key: password + 
name: sarex-auth + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/issues/base/backend-service.yaml b/apps/issues/base/backend-service.yaml new file mode 100644 index 0000000..d5d299e --- /dev/null +++ b/apps/issues/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: issues +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/issues/base/celery-deployment.yaml b/apps/issues/base/celery-deployment.yaml new file mode 100644 index 0000000..4c79ef7 --- /dev/null +++ b/apps/issues/base/celery-deployment.yaml 
@@ -0,0 +1,153 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: issues + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa + imagePullPolicy: IfNotPresent + command: ["celery", "-A", "config", "worker", "-l", "info", "-E"] + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ENVIRONMENT + value: production + - name: AERO_PUBLIC_HOST + value: https://srx.wb.ru + - name: AERO_HOST + value: https://srx.wb.ru + - name: BASE_AERO_URL + value: https://srx.wb.ru + - name: BASE_AUTH_URL + value: http://backend.django.svc.cluster.local:8000 + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: WORKFLOWS_URL + value: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: RESOURCES_API_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: SAREX_API + value: https://srx.wb.ru + - name: DOCUMENTATIONS_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: DJANGO_BASIC_AUTH + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: SAREX_USERNAME + valueFrom: + secretKeyRef: + key: username + name: sarex-auth + - name: 
SAREX_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: sarex-auth + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/issues/base/frontend-deployment.yaml b/apps/issues/base/frontend-deployment.yaml new file mode 100644 index 0000000..f58b577 --- /dev/null +++ b/apps/issues/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: issues + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:716a2b73 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred 
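Review bot: The `celery` container receives the same full `env` list as `backend`, including `JWT_PRIVATE_KEY`, the `sarex-auth` credentials and `DJANGO_BASIC_AUTH`, and a worker that only consumes tasks may not need the token-signing key. If the worker never issues tokens, drop the `JWT_PRIVATE_KEY` entry here and keep only `JWT_PUBLIC_KEY`, so that a compromised worker cannot mint tokens. The `ports` entry for `containerPort: 8000` also looks copied from `backend`, since the `command` starts a Celery worker and nothing in the hunk shows it serving HTTP. Moving the shared non-secret values into one ConfigMap consumed through `envFrom` would stop the two lists drifting apart.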
diff --git a/apps/issues/base/frontend-service.yaml b/apps/issues/base/frontend-service.yaml
new file mode 100644
index 0000000..14dfd0f
--- /dev/null
+++ b/apps/issues/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: issues
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/issues/base/kustomization.yaml b/apps/issues/base/kustomization.yaml
new file mode 100644
index 0000000..2ba177b
--- /dev/null
+++ b/apps/issues/base/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: issues
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - celery-deployment.yaml
+ - frontend-deployment.yaml
+ - backend-service.yaml
+ - frontend-service.yaml
diff --git a/apps/issues/base/namespace.yaml b/apps/issues/base/namespace.yaml
new file mode 100644
index 0000000..e798ce7
--- /dev/null
+++ b/apps/issues/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: issues
+ labels:
+ istio-injection: enabled
diff --git a/apps/issues/yc-k8s-test/kustomization.yaml b/apps/issues/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/issues/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/issues/yc-k8s-test/postgresql.yaml b/apps/issues/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..2a7a590
--- /dev/null
+++ b/apps/issues/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: issues +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: issues_db + 
user: issues + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 87a5fbd..758ba1c 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -31,4 +31,5 @@ resources: - ../../apps/workspaces/yc-k8s-test - ../../apps/cde/yc-k8s-test - ../../apps/flows/yc-k8s-test + - ../../apps/issues/yc-k8s-test - ../../apps/documentations/yc-k8s-test \ No newline at end of file From 2c59c57da304ecfea9fce84b59c3413ac31e1f86 Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 16:00:59 +0500 Subject: [PATCH 22/23] ++ --- apps/issues/base/backend-deployment.yaml | 12 ++ apps/issues/base/celery-deployment.yaml | 12 ++ apps/issues/base/production-configmap.yaml | 140 +++++++++++++++++++++ 3 files changed, 164 insertions(+) create mode 100644 apps/issues/base/production-configmap.yaml diff --git a/apps/issues/base/backend-deployment.yaml b/apps/issues/base/backend-deployment.yaml index 82dd516..f1b1bf0 100644 --- a/apps/issues/base/backend-deployment.yaml +++ b/apps/issues/base/backend-deployment.yaml @@ -18,6 +18,14 @@ spec: app: backend service: backend spec: + volumes: + - name: production-configmap + configMap: + name: production-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 containers: - name: backend image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa @@ -149,5 +157,9 @@ spec: requests: cpu: "1" memory: 1Gi + volumeMounts: + - name: production-configmap + mountPath: /src/config/settings/production.py + subPath: production.py imagePullSecrets: - name: regcred diff --git a/apps/issues/base/celery-deployment.yaml b/apps/issues/base/celery-deployment.yaml index 4c79ef7..b2b7bfb 100644 --- a/apps/issues/base/celery-deployment.yaml +++ b/apps/issues/base/celery-deployment.yaml 
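Review bot: Mounting `production.py` from `production-configmap` over `/src/config/settings/production.py` makes the Django settings module executable code that is loaded from a ConfigMap. Write access to ConfigMaps in the `issues` namespace then amounts to code execution in the `backend` pods, and in `celery`, which gets the same mount in the next file. A `subPath` mount also does not pick up later ConfigMap changes until the pod is recreated, so an edit merged in git can silently fail to take effect. Keeping the settings file in the image and passing values through `env` avoids both problems. If the mount stays, a kustomize `configMapGenerator` gives the ConfigMap a content-hashed name, so a change rolls the Deployment. The `volumes` entry is in the first hunk and the `volumeMounts` entry in the second, with the container spec between them outside both.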
@@ -18,6 +18,14 @@ spec: app: celery service: celery spec: + volumes: + - name: production-configmap + configMap: + name: production-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 containers: - name: celery image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa @@ -149,5 +157,9 @@ spec: requests: cpu: "1" memory: 1Gi + volumeMounts: + - name: production-configmap + mountPath: /src/config/settings/production.py + subPath: production.py imagePullSecrets: - name: regcred diff --git a/apps/issues/base/production-configmap.yaml b/apps/issues/base/production-configmap.yaml new file mode 100644 index 0000000..c9ddd72 --- /dev/null +++ b/apps/issues/base/production-configmap.yaml 
@@ -0,0 +1,140 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: production-configmap + namespace: issues +data: + production.py: | + from datetime import timedelta + import os + from .base import * + + # DEBUG SETTINGS START + # ----------------------------------------------------------------------------- + DEBUG = True + # ----------------------------------------------------------------------------- + + TEST_MODE = False + + # SECRETS SETTINGS START + # ----------------------------------------------------------------------------- + SECRET_KEY = "FromToMuchLoveOfLiving" # Delete after Test + # ----------------------------------------------------------------------------- + + DJANGO_TOKEN="aGFnZW4wMTM6emVhbG90MDk2" + + # ALLOWED HOSTS START + # ----------------------------------------------------------------------------- + ALLOWED_HOSTS = ["*"] + # ----------------------------------------------------------------------------- + + # APPS SETTINGS START + # ----------------------------------------------------------------------------- + # INSTALLED_APPS += [ + # "django_extensions", + # ] + # ----------------------------------------------------------------------------- + + # DEBUG SETTINGS START + # ----------------------------------------------------------------------------- + DEBUG = False + # ----------------------------------------------------------------------------- + + REVIEW_HOST='http://backend-service.flows.svc.cluster.local:8000' + # ----------------------------------------------------------------------------- + # EXTERNAL SERVICES END + + WORKFLOWS_HOST = "http://workflows-api-service.workflow.svc.cluster.local:8000" + WORKFLOWS_URL = "http://workflows-api-service.workflow.svc.cluster.local:8000" + DOCUMENTATIONS_URL = "http://documentations-api.documentations.svc.cluster.local:8080" + RESOURCES_API_HOST = os.getenv("RESOURCES_API_HOST", default="http://resources-service.resources.svc.cluster:8000") + KAFKA_HOST = 
"wb-stage-kafka-bootstrap.kafka.svc.cluster.local:9093" + KAFKA_USERNAME = "sarex" + KAFKA_PASSWORD = "nK36sasvSfoItJnXQ4qxav2OUWIPX5ZC" + KAFKA_SSL_CAFILE = os.getenv("KAFKA_SSL_CAFILE", "/usr/local/share/ca-certificates/kafka.crt") + KAFKA_EAV_ASSETS_TOPIC = os.getenv("KAFKA_EAV_ASSETS_TOPIC", "sarex") + KAFKA_ISSUES_TOPIC = os.getenv("KAFKA_ISSUES_TOPIC", "sarex-issues") + + + USE_ASYNC_FUNCTIONS = True + USE_NOTIFICATIONS = True + + # JWT SETTINGS START + # --------------------------------------------------------------------------------------------------------------------- + SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer") + + SIMPLE_JWT = { + "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5), + "REFRESH_TOKEN_LIFETIME": timedelta(days=1), + "ROTATE_REFRESH_TOKENS": False, + "UPDATE_LAST_LOGIN": False, + + "ALGORITHM": "RS512", + "SIGNING_KEY": os.getenv("JWT_PRIVATE_KEY", default="").replace("\\n", "\n"), + "VERIFYING_KEY": os.getenv("JWT_PUBLIC_KEY").replace("\\n", "\n"), + "AUDIENCE": None, + "ISSUER": SIMPLE_JWT_ISSUER, + + "AUTH_HEADER_TYPES": ("Bearer",), + "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION", + "USER_ID_FIELD": "id", + "USER_ID_CLAIM": "user_id", + + "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",), + "TOKEN_TYPE_CLAIM": "token_type", + + "JTI_CLAIM": "jti", + + "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp", + "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5), + "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1), + } + # --------------------------------------------------------------------------------------------------------------------- + + CORS_ALLOWED_ORIGINS = [ + "https://lk.srx.wb.ru:30443", + ] + + CORS_TRUSTED_ORIGINS = [ + "https://lk.srx.wb.ru:30443", + ] + + CSRF_TRUSTED_ORIGINS = [ + "https://lk.srx.wb.ru:30443", + ] + + CORS_ALLOW_ALL_ORIGINS = True + ENABLE_MAILGUN=False + SMTP_PORT=465 + SMTP_HOST="mail.rwb.ru" + EMAIL_FROM="sarex@rwb.ru" + + CORS_ALLOW_METHODS = [ + "DELETE", + "GET", + 
"OPTIONS", + "PATCH", + "POST", + "PUT", + ] + + SAREX_API = "https://srx.wb.ru" + + AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API) + + BASE_AERO_URL = "http://backend.django.svc.cluster.local:8000" + + ENVIRONMENT = "production" + + SESSION_COOKIE_NAME = "issues-sessionid" + CSRF_COOKIE_NAME = "issues-csrftoken" + STATIC_URL = "/static/" + STORAGES = { + 'default': { + 'BACKEND': "storages.backends.s3boto3.S3Boto3Storage", + }, + 'staticfiles': { + # Leave whatever setting you already have here, e.g.: + 'BACKEND': "storages.backends.s3boto3.S3Boto3Storage", + } + } From 4ff245b46e5a4cf480382f7f947b7c564a07455c Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 16:02:05 +0500 Subject: [PATCH 23/23] ++ --- apps/issues/base/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/issues/base/kustomization.yaml b/apps/issues/base/kustomization.yaml index 2ba177b..3ece763 100644 --- a/apps/issues/base/kustomization.yaml +++ b/apps/issues/base/kustomization.yaml @@ -9,3 +9,4 @@ resources: - frontend-deployment.yaml - backend-service.yaml - frontend-service.yaml + - production-configmap.yaml
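Review bot: `production.py` hardcodes `SECRET_KEY`, `DJANGO_TOKEN` and `KAFKA_PASSWORD` as literals inside a ConfigMap, so they are stored in git and readable by anyone who can read ConfigMaps in `issues`; `DJANGO_TOKEN` looks base64-encoded, which is encoding rather than protection. Read them from the environment instead, e.g. `SECRET_KEY = os.environ["SECRET_KEY"]` and `KAFKA_PASSWORD = os.environ["KAFKA_PASSWORD"]`, backed by `secretKeyRef` entries like the ones the Deployments already use. Rotate all three values as well, since they are now in the repository history. Separately, `CORS_ALLOW_ALL_ORIGINS = True` makes the `CORS_ALLOWED_ORIGINS` list above it ineffective and `ALLOWED_HOSTS = ["*"]` turns off Host-header validation, so both need an explicit decision in a file named production.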