sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac

Browse Source
This commit is contained in:
Kochetkov S 2026-04-21 14:39:52 +03:00
commit a70bc9b0e6
88 changed files with 3851 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apps/cde/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: cde-svc
namespace: faas
spec:
type: ClusterIP
selector:
app: cde
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP

40
apps/cde/base/cde-flowscallback.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-flowscallback
namespace: cde
labels:
app: cde-flowscallback
service: cde-flowscallback
spec:
replicas: 1
selector:
matchLabels:
app: cde-flowscallback
template:
metadata:
labels:
app: cde-flowscallback
service: cde-flowscallback
spec:
containers:
- name: cde-flowscallback
image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_3.1.2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde-splitpdf.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-splitpdf
namespace: cde
labels:
app: cde-splitpdf
service: cde-splitpdf
spec:
replicas: 1
selector:
matchLabels:
app: cde-splitpdf
template:
metadata:
labels:
app: cde-splitpdf
service: cde-splitpdf
spec:
containers:
- name: cde-splitpdf
image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_3.1.2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde-worker-copy.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-worker-copy
namespace: cde
labels:
app: cde-worker-copy
service: cde-worker-copy
spec:
replicas: 1
selector:
matchLabels:
app: cde-worker-copy
template:
metadata:
labels:
app: cde-worker-copy
service: cde-worker-copy
spec:
containers:
- name: cde-worker-copy
image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:preprod_fd483601
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde-worker-create-versions.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-worker-create-versions
namespace: cde
labels:
app: cde-worker-create-versions
service: cde-worker-create-versions
spec:
replicas: 1
selector:
matchLabels:
app: cde-worker-create-versions
template:
metadata:
labels:
app: cde-worker-create-versions
service: cde-worker-create-versions
spec:
containers:
- name: cde-worker-create-versions
image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:preprod_ec474ae7
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde-worker-markings.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-worker-markings
namespace: cde
labels:
app: cde-worker-markings
service: cde-worker-markings
spec:
replicas: 1
selector:
matchLabels:
app: cde-worker-markings
template:
metadata:
labels:
app: cde-worker-markings
service: cde-worker-markings
spec:
containers:
- name: cde-worker-markings
image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:preprod_eb50f30e
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde-worker-sign.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-worker-sign
namespace: cde
labels:
app: cde-worker-sign
service: cde-worker-sign
spec:
replicas: 1
selector:
matchLabels:
app: cde-worker-sign
template:
metadata:
labels:
app: cde-worker-sign
service: cde-worker-sign
spec:
containers:
- name: cde-worker-sign
image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:preprod_fd483601
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde-worker-update-bundles.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde-worker-update-bundles
namespace: cde
labels:
app: cde-worker-update-bundles
service: cde-worker-update-bundles
spec:
replicas: 1
selector:
matchLabels:
app: cde-worker-update-bundles
template:
metadata:
labels:
app: cde-worker-update-bundles
service: cde-worker-update-bundles
spec:
containers:
- name: cde-worker-update-bundles
image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_3.1.2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

40
apps/cde/base/cde.yaml Normal file
View File

@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cde
namespace: cde
labels:
app: cde
service: cde
spec:
replicas: 1
selector:
matchLabels:
app: cde
template:
metadata:
labels:
app: cde
service: cde
spec:
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/cde:preprod_ec474ae7
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: S3_IS_CONTOUR
value: "true"
envFrom:
- secretRef:
name: cde-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

15
apps/cde/base/kustomization.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cde
resources:
- namespace.yaml
- cde.yaml
- cde-splitpdf.yaml
- backend-service.yaml
- cde-flowscallback.yaml
- cde-worker-copy.yaml
- cde-worker-create-versions.yaml
- cde-worker-markings.yaml
- cde-worker-sign.yaml
- cde-worker-update-bundles.yaml

7
apps/cde/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: cde
labels:
istio-injection: enabled

10
apps/cde/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend

8
apps/cde/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: cde
spec:
replicas: 1

33
apps/document-link/base/deployment.yaml Normal file
View File

@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: document-link
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
version: stable
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:wb_cb2027ce
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
imagePullSecrets:
- name: regcred

8
apps/document-link/base/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: document-link
resources:
- namespace.yaml
- deployment.yaml
- service.yaml

7
apps/document-link/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: document-link
labels:
istio-injection: enabled

15
apps/document-link/base/service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: document-link
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

10
apps/document-link/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend

8
apps/document-link/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: document-link
spec:
replicas: 1

188
apps/documentations/base/api-deployment.yaml Normal file
View File

@ -0,0 +1,188 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: documentations-api
namespace: documentations
labels:
app: documentations-api
service: documentations-api
spec:
replicas: 1
selector:
matchLabels:
app: documentations-api
template:
metadata:
labels:
app: documentations-api
service: documentations-api
spec:
volumes:
- name: documentations-yc-s3-secret
secret:
defaultMode: 420
secretName: documentations-yc-s3
- name: zitadel-account
secret:
defaultMode: 420
secretName: zitadel-account
containers:
- name: documentations-api
image: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_a9990430
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: PUBLIC_KEY
valueFrom:
secretKeyRef:
key: key
name: public-key
- name: POSTGRES_POOL_SIZE
value: "20"
- name: ZITADEL_ACCOUNT
value: /etc/sarex/zitadel/zitadel-account.json
- name: ZITADEL_DOMAIN
value: zitadel-srx.wb.ru
- name: USE_ZITADEL
value: "1"
- name: FLOWS_URL
value: http://backend-service.flows.svc.cluster.local:8000
- name: LAST_MASTER_BIM
value: "36311"
- name: API_ADDRESS
value: 0.0.0.0:8080
- name: API_ADDRESS_FILE
value: 0.0.0.0:8080
- name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
valueFrom:
secretKeyRef:
key: secret
name: yc-jwt-secret
- name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
value: "5"
- name: ENABLE_SQL_QUERY
value: "0"
- name: ENABLE_SSL
value: "0"
- name: WORKSPACE_V2_EXTERNAL_URL
value: https://srx.wb.ru/workspaces-v2/
- name: ENABLE_S3
value: "1"
- name: CONTAINER_REGISTRY
value: cr.yandex/crp3ccidau046kdj8g9q
- name: ENVIRONMENT
value: production
- name: LAST_SLAVE_1_BIM
value: "1000000"
- name: HOST
value: http://documentations-api.documentations.svc.cluster.local:8080
- name: FILE_STREAM_HOST
value: srx.wb.ru
- name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:8080/
- name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/
- name: BIM_API_URL
value: http://bim-api-service.bim.svc.cluster.local:8080/
- name: BIM_API_V2_URL
value: http://backend-service.bim.svc.cluster.local:8000/
- name: WORKSPACE_BUNDLE_VERSION
value: v1
- name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000
- name: MARKS_PROCESSING_URL
value: http://marks-service:8000
- name: PUBLIC_LINK_HOST
value: https://document-link-srx.wb.ru
- name: NAMESPACE
value: documentations
- name: DJANGO_ORIGINATOR
value: docs_prod
- name: WORKFLOW_IMAGES_VERSION
value: master
- name: WORKFLOWS_IMAGES_VERSION
value: master
- name: S3_SERVICE_ACCOUNT
value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value: 6h
- name: CACHE_DEFAULT_EXPIRATION
value: 60s
- name: ENABLE_SMTP
value: "True"
- name: ENABLE_MAILGUN
value: "False"
- name: CACHE_CLEANUP_INTERVAL
value: 60s
- name: ENABLE_AUTH_JWT_IN_URL
value: "false"
- name: ENABLE_SIGNATURE_IN_URL
value: "true"
- name: USE_CACHE_IN_FILE_STREAMER
value: "0"
- name: VALKEY_ADDR
value: redis:6379
- name: VALKEY_HOST
value: redis
- name: VALKEY_PORT
value: "6379"
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: POSTGRES_ADDRESS
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DJANGO_BASIC_AUTH
valueFrom:
secretKeyRef:
key: key
name: django-auth
- name: DJANGO_BASIC_AUTH_FOR_GET_USER
valueFrom:
secretKeyRef:
key: key
name: django-auth
resources:
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- mountPath: /etc/sarex/yc-s3-storage
name: documentations-yc-s3-secret
readOnly: true
- mountPath: /etc/sarex/zitadel
name: zitadel-account
readOnly: true
imagePullSecrets:
- name: regcred

15
apps/documentations/base/api-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-api-svc
namespace: documentations
spec:
type: ClusterIP
selector:
app: documentations-api
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP

188
apps/documentations/base/filestream-deployment.yaml Normal file
View File

@ -0,0 +1,188 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: documentations-filestream
namespace: documentations
labels:
app: documentations-filestream
service: documentations-filestream
spec:
replicas: 1
selector:
matchLabels:
app: documentations-filestream
template:
metadata:
labels:
app: documentations-filestream
service: documentations-filestream
spec:
volumes:
- name: documentations-yc-s3-secret
secret:
defaultMode: 420
secretName: documentations-yc-s3
- name: zitadel-account
secret:
defaultMode: 420
secretName: zitadel-account
containers:
- name: documentations-filestream
image: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_a9990430
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: PUBLIC_KEY
valueFrom:
secretKeyRef:
key: key
name: public-key
- name: POSTGRES_POOL_SIZE
value: "20"
- name: ZITADEL_ACCOUNT
value: /etc/sarex/zitadel/zitadel-account.json
- name: ZITADEL_DOMAIN
value: zitadel-srx.wb.ru
- name: USE_ZITADEL
value: "1"
- name: FLOWS_URL
value: http://backend-service.flows.svc.cluster.local:8000
- name: LAST_MASTER_BIM
value: "36311"
- name: API_ADDRESS
value: 0.0.0.0:8080
- name: API_ADDRESS_FILE
value: 0.0.0.0:8080
- name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
valueFrom:
secretKeyRef:
key: secret
name: yc-jwt-secret
- name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
value: "5"
- name: ENABLE_SQL_QUERY
value: "0"
- name: ENABLE_SSL
value: "0"
- name: WORKSPACE_V2_EXTERNAL_URL
value: https://srx.wb.ru/workspaces-v2/
- name: ENABLE_S3
value: "1"
- name: CONTAINER_REGISTRY
value: cr.yandex/crp3ccidau046kdj8g9q
- name: ENVIRONMENT
value: production
- name: LAST_SLAVE_1_BIM
value: "1000000"
- name: HOST
value: http://documentations-api.documentations.svc.cluster.local:8080
- name: FILE_STREAM_HOST
value: srx.wb.ru
- name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:8080/
- name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/
- name: BIM_API_URL
value: http://bim-api-service.bim.svc.cluster.local:8080/
- name: BIM_API_V2_URL
value: http://backend-service.bim.svc.cluster.local:8000/
- name: WORKSPACE_BUNDLE_VERSION
value: v1
- name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000
- name: MARKS_PROCESSING_URL
value: http://marks-service:8000
- name: PUBLIC_LINK_HOST
value: https://document-link-srx.wb.ru
- name: NAMESPACE
value: documentations
- name: DJANGO_ORIGINATOR
value: docs_prod
- name: WORKFLOW_IMAGES_VERSION
value: master
- name: WORKFLOWS_IMAGES_VERSION
value: master
- name: S3_SERVICE_ACCOUNT
value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value: 6h
- name: CACHE_DEFAULT_EXPIRATION
value: 60s
- name: ENABLE_SMTP
value: "True"
- name: ENABLE_MAILGUN
value: "False"
- name: CACHE_CLEANUP_INTERVAL
value: 60s
- name: ENABLE_AUTH_JWT_IN_URL
value: "false"
- name: ENABLE_SIGNATURE_IN_URL
value: "true"
- name: USE_CACHE_IN_FILE_STREAMER
value: "0"
- name: VALKEY_ADDR
value: redis:6379
- name: VALKEY_HOST
value: redis
- name: VALKEY_PORT
value: "6379"
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: POSTGRES_ADDRESS
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DJANGO_BASIC_AUTH
valueFrom:
secretKeyRef:
key: key
name: django-auth
- name: DJANGO_BASIC_AUTH_FOR_GET_USER
valueFrom:
secretKeyRef:
key: key
name: django-auth
resources:
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- mountPath: /etc/sarex/yc-s3-storage
name: documentations-yc-s3-secret
readOnly: true
- mountPath: /etc/sarex/zitadel
name: zitadel-account
readOnly: true
imagePullSecrets:
- name: regcred

15
apps/documentations/base/filestream-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-filestream-svc
namespace: documentations
spec:
type: ClusterIP
selector:
app: documentations-filestream
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP

32
apps/documentations/base/frontend-deployment.yaml Normal file
View File

@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: documentations
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
imagePullSecrets:
- name: regcred

15
apps/documentations/base/frontend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: documentations
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

14
apps/documentations/base/kustomization.yaml Normal file
View File

@ -0,0 +1,14 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: documentations
resources:
- namespace.yaml
- api-deployment.yaml
- pdm-deployment.yaml
- filestream-deployment.yaml
- frontend-deployment.yaml
- api-service.yaml
- pdm-service.yaml
- filestream-service.yaml
- frontend-service.yaml

7
apps/documentations/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: documentations
labels:
istio-injection: enabled

198
apps/documentations/base/pdm-deployment.yaml Normal file
View File

@ -0,0 +1,198 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pdm-api
namespace: documentations
labels:
app: pdm-api
service: pdm-api
spec:
replicas: 1
selector:
matchLabels:
app: pdm-api
template:
metadata:
labels:
app: pdm-api
service: pdm-api
spec:
volumes:
- name: documentations-yc-s3-secret
secret:
defaultMode: 420
secretName: documentations-yc-s3
- name: zitadel-account
secret:
defaultMode: 420
secretName: zitadel-account
containers:
- name: pdm-api
image: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_38958427
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
env:
- name: USE_EXPERIMENTAL
value: "true"
- name: RELEASES_TOKEN
valueFrom:
secretKeyRef:
key: key
name: releases-token
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: POSTGRES_ADDRESS
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: POSTGRES_POOL_SIZE
value: "20"
- name: TRANSMITTALS_BASE_URL
value: mock
- name: DJANGO_BASIC_AUTH
valueFrom:
secretKeyRef:
key: key
name: django-auth
- name: PUBLIC_KEY
valueFrom:
secretKeyRef:
key: key
name: public-key
- name: API_ADDRESS
value: 0.0.0.0:8080
- name: API_ADDRESS_FILE
value: 0.0.0.0:8080
- name: BUCKET_NAME
value: attachments-storage
- name: API_HOST_PREFIX
value: /
- name: APP_NAME
value: pdm_v2
- name: APP_VERSION
value: 0.0.1
- name: ENABLE_PERMISSIONS_FILTER
value: "1"
- name: PERMISSIONS_FILTER_COMPANIES
value: '[1]'
- name: TRANSMITTALS_ENABLE
value: "false"
- name: DRAWINGS_INTERNAL_URL
value: http://drawings-api-service.drawings.svc.cluster.local:80
- name: ATTACHMENTS_URL
value: http://attachments-service.attachments.svc.cluster.local:8000
- name: BIM_API_V2_URL
value: http://backend-service.bim.svc.cluster.local:8000/
- name: BIM_V2_HOST
value: http://backend-service.bim.svc.cluster.local:8000/
- name: CACHE_CLEANUP_INTERVAL
value: 60s
- name: CACHE_DEFAULT_EXPIRATION
value: 60s
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000
- name: DJANGO_ORIGINATOR
value: docs_prod
- name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:8080/
- name: EAV_URL
value: http://eav-service.eav.svc.cluster.local:8000
- name: ENABLE_OBSERVABILITY
value: "false"
- name: ENABLE_S3
value: "1"
- name: ENABLE_SSL
value: "0"
- name: ENVIRONMENT
value: prod
- name: FLOWS_URL
value: http://backend-service.flows.svc.cluster.local:8000
- name: HEIGHT_THUMB_ATTACHMENTS
value: "300"
- name: HEIGHT_THUMB_STATES
value: "73"
- name: HTTP_PORT
value: "8080"
- name: INSPECTIONS_URL
value: http://inspections-service.inspections.svc.cluster.local:80
- name: LOG_LEVEL
value: INFO
- name: NOTES_URL
- name: OBSERVABILITY_COLLECTOR_ENDPOINT
value: temp
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value: 6h
- name: RELEASES_URL
value: https://gitlab.com
- name: REMARKS_URL
value: http://remarks-static-service.remarks.svc.cluster.local:8080/remarks
- name: RESOURCES_URL
value: http://resources-service.resources.svc.cluster.local:8000
- name: S3_SERVICE_ACCOUNT
value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
- name: STATES_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/
- name: SUBSCRIPTIONS_URL
value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80
- name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000
- name: TARGET_URL
value: http://backend.django.svc.cluster.local:8000
- name: USE_CACHE_IN_FILE_STREAMER
value: "1"
- name: USE_SUBSCRIPTIONS
value: "false"
- name: WIDTH_THUMB_ATTACHMENTS
value: "300"
- name: WIDTH_THUMB_STATES
value: "120"
- name: WORKFLOWS_IMAGES_VERSION
value: master
- name: WORKFLOW_IMAGES_VERSION
value: master
- name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_BUNDLE_VERSION
value: v1
- name: WORKSPACE_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/
resources:
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- mountPath: /etc/sarex/yc-s3-storage
name: documentations-yc-s3-secret
readOnly: true
- mountPath: /etc/sarex/zitadel
name: zitadel-account
readOnly: true
imagePullSecrets:
- name: regcred

15
apps/documentations/base/pdm-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: pdm-svc
namespace: documentations
spec:
type: ClusterIP
selector:
app: pdm-api
ports:
- name: http
port: 80
targetPort: 8080
protocol: TCP

7
apps/documentations/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []

110
apps/documentations/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: documentations
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements,ltree,timescaledb,uuid-ossp"
databases:
- name: documentations_db
user: documentations
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

126
apps/eav/base/backend-deployment.yaml Normal file
View File

@ -0,0 +1,126 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: eav
labels:
app: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
volumes:
- name: django-configmap
configMap:
name: django-configmap
items:
- key: production.py
path: production.py
defaultMode: 420
containers:
- name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: KAFKA_ENABLED
value: "False"
- name: ASSETS_TOPIC
value: sarex
- name: DJANGO_SETTINGS_MODULE
value: config.settings.production
- name: DJANGO_POSTGRES_DATABASE
value: eav_db
- name: YC_S3_ENDPOINT_URL
value: http://minio-svc.minio.svc.cluster.local:9000
- name: YC_S3_BUCKET_NAME
value: eav
- name: DJANGO_POSTGRES_HOST
valueFrom:
secretKeyRef:
name: postgresql-secret
key: hostname
- name: DJANGO_POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgresql-secret
key: username
- name: DJANGO_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secret
key: password
- name: DJANGO_POSTGRES_PORT
valueFrom:
secretKeyRef:
name: postgresql-secret
key: port
- name: JWT_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: backend-secret
key: ssh_private.key
- name: JWT_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: backend-secret
key: ssh_public.key
- name: YC_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: s3-secret
key: username
- name: YC_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: s3-secret
key: password
resources:
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: django-configmap
mountPath: /server/config/settings/production.py
subPath: production.py
livenessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 20
imagePullSecrets:
- name: regcred

15
apps/eav/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: eav
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP

171
apps/eav/base/django-configmap.yaml Normal file
View File

@ -0,0 +1,171 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: django-configmap
namespace: eav
data:
production.py: |
# production.py
from .base import *
from datetime import timedelta
import os
from django.core.exceptions import ImproperlyConfigured
INSTALLED_APPS.append("corsheaders")
#MIDDLEWARE = ["corsheaders.middleware.CorsMiddleware"] + MIDDLEWARE
# DEBUG SETTINGS START
DEBUG = True
ALLOWED_HOSTS = ['*']
# DEBUG SETTINGS END
# DATABASE SETTINGS START
DATABASES = {
"default": {
"ENGINE": "django.db.backends.postgresql",
"NAME": os.getenv("DJANGO_POSTGRES_DATABASE"),
"USER": os.getenv("DJANGO_POSTGRES_USER"),
"PASSWORD": os.getenv("DJANGO_POSTGRES_PASSWORD"),
"HOST": os.getenv("DJANGO_POSTGRES_HOST"),
"PORT": "5432",
}
}
# DATABASE SETTINGS END
# RESPONSE HEADERS START
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOWED_ORIGINS = [
"https://srx.wb.ru",
]
CORS_TRUSTED_ORIGINS = [
"https://srx.wb.ru",
]
CSRF_TRUSTED_ORIGINS = [
"https://srx.wb.ru",
]
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
)
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'authorization',
'content-type',
'user-agent',
'x-csrftoken',
'x-requested-with',
'x-token',
'Bearer'
)
# RESPONSE HEADERS END
REST_FRAMEWORK = {
"DEFAULT_PAGINATION_CLASS": (
"rest_framework.pagination.LimitOffsetPagination"
),
"DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema",
"PAGE_SIZE": 10000,
"DEFAULT_FILTER_BACKENDS": [
"django_filters.rest_framework.DjangoFilterBackend"
],
"DEFAULT_AUTHENTICATION_CLASSES": [
"core.auth.ZitadelJWTAuthentication",
"rest_framework_simplejwt.authentication.JWTAuthentication",
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.BasicAuthentication",
],
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.AllowAny",
]
}
# JWT SETTINGS START
def get_env_variable(var_name, default=None):
try:
return os.getenv(var_name, default)
except KeyError:
error_msg = f"Set the {var_name} environment variable"
if default:
return default
raise ImproperlyConfigured(error_msg)
SIMPLE_JWT_ISSUER = get_env_variable("SIMPLE_JWT_ISSUER", default="django")
SIMPLE_JWT = {
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
"REFRESH_TOKEN_LIFETIME": timedelta(days=1),
"ROTATE_REFRESH_TOKENS": False,
"UPDATE_LAST_LOGIN": False,
"ALGORITHM": "RS512",
"SIGNING_KEY": get_env_variable("JWT_PRIVATE_KEY").replace("\\\n", "\n"),
"VERIFYING_KEY": get_env_variable("JWT_PUBLIC_KEY").replace("\\\n", "\n"),
"AUDIENCE": None,
"ISSUER": SIMPLE_JWT_ISSUER,
"AUTH_HEADER_TYPES": ("Bearer",),
"AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
"USER_ID_FIELD": "id",
"USER_ID_CLAIM": "user_id",
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
"TOKEN_TYPE_CLAIM": "token_type",
"JTI_CLAIM": "jti",
"SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
"SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
"SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
}
# JWT SETTINGS END
STATIC_ROOT = '/static/'
STATIC_URL = '/static/'
STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
SESSION_COOKIE_NAME = 'eav-sessionid'
CSRF_COOKIE_NAME = 'eav-csrftoken'

9
apps/eav/base/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: eav
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- django-configmap.yaml

7
apps/eav/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: eav
labels:
istio-injection: enabled

11
apps/eav/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches:
- path: replicas.yaml
target:
kind: Deployment
name: comparisons

113
apps/eav/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: eav
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis"
databases:
- name: eav_db
user: eav
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

8
apps/eav/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: eav
spec:
replicas: 1

15
apps/faas/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: export-reviews-svc
namespace: faas
spec:
type: ClusterIP
selector:
app: export-reviews
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP

64
apps/faas/base/export-reviews.yaml Normal file
View File

@ -0,0 +1,64 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: export-reviews
namespace: faas
labels:
app: export-reviews
service: export-reviews
spec:
replicas: 1
selector:
matchLabels:
app: export-reviews
template:
metadata:
labels:
app: export-reviews
service: export-reviews
spec:
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/export-reviews:prod_c4cae4ee
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: BASE_HOST
value: https://sarex.contour.infra.sarex.tech
- name: DJANGO_HOST
value: https://sarex.contour.infra.sarex.tech
- name: REVIEWS_HOST
value: https://sarex.contour.infra.sarex.tech/flows
- name: GATEWAY_HOST
value: https://sarex.contour.infra.sarex.tech/gateway
- name: DOCUMENTATIONS_HOST
value: https://sarex.contour.infra.sarex.tech/documentations
- name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000
- name: TRANSMITTALS_INTERNAL_HOST
value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1
- name: DJANGO_TIMEOUT
value: "180"
- name: REVIEWS_TIMEOUT
value: "180"
- name: GATEWAY_TIMEOUT
value: "60"
- name: DOCUMENTATIONS_TIMEOUT
value: "60"
- name: EAV_TIMEOUT
value: "30"
- name: TRANSMITTALS_TIMEOUT
value: "30"
- name: TIMEOUT
value: "180"
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

8
apps/faas/base/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: faas
resources:
- namespace.yaml
- export-reviews.yaml
- backend-service.yaml

7
apps/faas/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: faas
labels:
istio-injection: enabled

10
apps/faas/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend

8
apps/faas/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: faas
spec:
replicas: 1

177
apps/flows/base/backend-deployment.yaml Normal file
View File

@ -0,0 +1,177 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: flows
labels:
app: backend
service: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
service: backend
spec:
containers:
- name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_2a439111
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: ADMIN_PANEL_SECRET_KEY
valueFrom:
secretKeyRef:
key: key
name: admin-secret
- name: JWT_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: public_key
name: jwt-secret
- name: LOG_LEVEL
value: DEBUG
- name: BASE_HOST
value: https://srx.wb.ru
- name: CELERY_QUEUE
value: flow
- name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000/api
- name: PLANNING_HOST
value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
- name: PLANNING_USE
value: "True"
- name: DOCUMENTATION_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1
- name: DOCUMENTATION_EXTERNAL_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1
- name: ENABLE_ANALYTICS
value: "1"
- name: ENABLE_CELERY
value: "1"
- name: ENABLE_MAILGUN
value: "0"
- name: ENABLE_METRICS
value: "0"
- name: FROM_EMAIL
value: sarex@rwb.ru
- name: GATEWAY_URL
value: http://pdm-api.documentations.svc.cluster.local:8080
- name: RESOURCE_URL
value: http://resources-service.resources.svc.cluster.local:8000
- name: SERVICE_HOST
value: https://srx.wb.ru/flows/api/v1
- name: SMTP_HOST
value: mail.rwb.ru
- name: DOCUMENTATION_PG_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_DATABASE
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_USERNAME
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret-documentations
- name: CHECKLIST_HOST
value: http://checklists-backend-service.checklists.svc.cluster.local:80
- name: SMTP_PORT
value: "465"
- name: SYNC_RESOURCE_ID
value: "1"
- name: TIMEOUT
value: "120"
- name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1
- name: WORKFLOWS_TIMEOUT
value: "60"
- name: DOCUMENTATION_TIMEOUT
value: "60"
- name: DJANGO_TOKEN
valueFrom:
secretKeyRef:
key: token
name: django-secret
- name: PG_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: PG_LOGIN
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: PG_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: PG_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: PG_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: RABBITMQ_USERNAME
valueFrom:
secretKeyRef:
key: username
name: rabbitmq-secret
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: rabbitmq-secret
- name: RABBITMQ_VHOST
valueFrom:
secretKeyRef:
key: vhost
name: rabbitmq-secret
- name: RABBITMQ_HOST
valueFrom:
secretKeyRef:
key: hostname
name: rabbitmq-secret
- name: RABBITMQ_PORT
valueFrom:
secretKeyRef:
key: port
name: rabbitmq-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

15
apps/flows/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-svc
namespace: flows
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP

185
apps/flows/base/celery-deployment.yaml Normal file
View File

@ -0,0 +1,185 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery
namespace: flows
labels:
app: celery
service: celery
spec:
replicas: 1
selector:
matchLabels:
app: celery
template:
metadata:
labels:
app: celery
service: celery
spec:
containers:
- name: celery
image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_2a439111
imagePullPolicy: IfNotPresent
command:
- uv
args:
- run
- celery
- -A
- config
- worker
- -l
- info
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: ADMIN_PANEL_SECRET_KEY
valueFrom:
secretKeyRef:
key: key
name: admin-secret
- name: JWT_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: public_key
name: jwt-secret
- name: LOG_LEVEL
value: DEBUG
- name: BASE_HOST
value: https://srx.wb.ru
- name: CELERY_QUEUE
value: flow
- name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000/api
- name: PLANNING_HOST
value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
- name: PLANNING_USE
value: "True"
- name: DOCUMENTATION_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1
- name: DOCUMENTATION_EXTERNAL_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1
- name: ENABLE_ANALYTICS
value: "1"
- name: ENABLE_CELERY
value: "1"
- name: ENABLE_MAILGUN
value: "0"
- name: ENABLE_METRICS
value: "0"
- name: FROM_EMAIL
value: sarex@rwb.ru
- name: GATEWAY_URL
value: http://pdm-api.documentations.svc.cluster.local:8080
- name: RESOURCE_URL
value: http://resources-service.resources.svc.cluster.local:8000
- name: SERVICE_HOST
value: https://srx.wb.ru/flows/api/v1
- name: SMTP_HOST
value: mail.rwb.ru
- name: DOCUMENTATION_PG_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_DATABASE
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_USERNAME
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret-documentations
- name: DOCUMENTATION_PG_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret-documentations
- name: CHECKLIST_HOST
value: http://checklists-backend-service.checklists.svc.cluster.local:80
- name: SMTP_PORT
value: "465"
- name: SYNC_RESOURCE_ID
value: "1"
- name: TIMEOUT
value: "120"
- name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1
- name: WORKFLOWS_TIMEOUT
value: "60"
- name: DOCUMENTATION_TIMEOUT
value: "60"
- name: DJANGO_TOKEN
valueFrom:
secretKeyRef:
key: token
name: django-secret
- name: PG_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: PG_LOGIN
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: PG_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: PG_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: PG_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: RABBITMQ_USERNAME
valueFrom:
secretKeyRef:
key: username
name: rabbitmq-secret
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: rabbitmq-secret
- name: RABBITMQ_VHOST
valueFrom:
secretKeyRef:
key: vhost
name: rabbitmq-secret
- name: RABBITMQ_HOST
valueFrom:
secretKeyRef:
key: hostname
name: rabbitmq-secret
- name: RABBITMQ_PORT
valueFrom:
secretKeyRef:
key: port
name: rabbitmq-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred

32
apps/flows/base/frontend-deployment.yaml Normal file
View File

@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: flows
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
imagePullSecrets:
- name: regcred

15
apps/flows/base/frontend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: flows
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

11
apps/flows/base/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flows
resources:
- namespace.yaml
- backend-deployment.yaml
- celery-deployment.yaml
- frontend-deployment.yaml
- backend-service.yaml
- frontend-service.yaml

7
apps/flows/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: flows
labels:
istio-injection: enabled

7
apps/flows/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []

110
apps/flows/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: flows
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements"
databases:
- name: flows_db
user: flows
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

165
apps/issues/base/backend-deployment.yaml Normal file
View File

@ -0,0 +1,165 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: issues
labels:
app: backend
service: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
service: backend
spec:
volumes:
- name: production-configmap
configMap:
name: production-configmap
items:
- key: production.py
path: production.py
defaultMode: 420
containers:
- name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: ENVIRONMENT
value: production
- name: AERO_PUBLIC_HOST
value: https://srx.wb.ru
- name: AERO_HOST
value: https://srx.wb.ru
- name: BASE_AERO_URL
value: https://srx.wb.ru
- name: BASE_AUTH_URL
value: http://backend.django.svc.cluster.local:8000
- name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: WORKFLOWS_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: RESOURCES_API_HOST
value: http://resources-service.resources.svc.cluster.local:8000
- name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000
- name: SAREX_API
value: https://srx.wb.ru
- name: DOCUMENTATIONS_URL
value: http://documentations-api.documentations.svc.cluster.local:8080
- name: DJANGO_SETTINGS_MODULE
value: config.settings.production
- name: API_ADDRESS
value: "8000"
- name: YC_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: username
name: s3-secret
- name: YC_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: password
name: s3-secret
- name: YC_S3_BUCKET_NAME
valueFrom:
secretKeyRef:
key: bucket
name: s3-secret
- name: YC_S3_ENDPOINT_URL
valueFrom:
secretKeyRef:
key: host
name: s3-secret
- name: DJANGO_BASIC_AUTH
valueFrom:
secretKeyRef:
key: key
name: django-auth
- name: SAREX_USERNAME
valueFrom:
secretKeyRef:
key: username
name: sarex-auth
- name: SAREX_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: sarex-auth
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: RABBITMQ_VHOST
valueFrom:
secretKeyRef:
key: vhost
name: rabbitmq-secret
- name: RABBITMQ_USERNAME
valueFrom:
secretKeyRef:
key: username
name: rabbitmq-secret
- name: RABBITMQ_HOSTNAME
valueFrom:
secretKeyRef:
key: host
name: rabbitmq-secret
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: rabbitmq-secret
- name: JWT_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: ssh_private.key
name: backend-secret
- name: JWT_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: ssh_public.key
name: backend-secret
resources:
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- name: production-configmap
mountPath: /src/config/settings/production.py
subPath: production.py
imagePullSecrets:
- name: regcred

15
apps/issues/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-svc
namespace: issues
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP

165
apps/issues/base/celery-deployment.yaml Normal file
View File

@ -0,0 +1,165 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery
namespace: issues
labels:
app: celery
service: celery
spec:
replicas: 1
selector:
matchLabels:
app: celery
template:
metadata:
labels:
app: celery
service: celery
spec:
volumes:
- name: production-configmap
configMap:
name: production-configmap
items:
- key: production.py
path: production.py
defaultMode: 420
containers:
- name: celery
image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa
imagePullPolicy: IfNotPresent
command: ["celery", "-A", "config", "worker", "-l", "info", "-E"]
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: ENVIRONMENT
value: production
- name: AERO_PUBLIC_HOST
value: https://srx.wb.ru
- name: AERO_HOST
value: https://srx.wb.ru
- name: BASE_AERO_URL
value: https://srx.wb.ru
- name: BASE_AUTH_URL
value: http://backend.django.svc.cluster.local:8000
- name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: WORKFLOWS_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: RESOURCES_API_HOST
value: http://resources-service.resources.svc.cluster.local:8000
- name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000
- name: SAREX_API
value: https://srx.wb.ru
- name: DOCUMENTATIONS_URL
value: http://documentations-api.documentations.svc.cluster.local:8080
- name: DJANGO_SETTINGS_MODULE
value: config.settings.production
- name: API_ADDRESS
value: "8000"
- name: YC_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: username
name: s3-secret
- name: YC_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: password
name: s3-secret
- name: YC_S3_BUCKET_NAME
valueFrom:
secretKeyRef:
key: bucket
name: s3-secret
- name: YC_S3_ENDPOINT_URL
valueFrom:
secretKeyRef:
key: host
name: s3-secret
- name: DJANGO_BASIC_AUTH
valueFrom:
secretKeyRef:
key: key
name: django-auth
- name: SAREX_USERNAME
valueFrom:
secretKeyRef:
key: username
name: sarex-auth
- name: SAREX_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: sarex-auth
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: RABBITMQ_VHOST
valueFrom:
secretKeyRef:
key: vhost
name: rabbitmq-secret
- name: RABBITMQ_USERNAME
valueFrom:
secretKeyRef:
key: username
name: rabbitmq-secret
- name: RABBITMQ_HOSTNAME
valueFrom:
secretKeyRef:
key: host
name: rabbitmq-secret
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: rabbitmq-secret
- name: JWT_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: ssh_private.key
name: backend-secret
- name: JWT_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: ssh_public.key
name: backend-secret
resources:
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- name: production-configmap
mountPath: /src/config/settings/production.py
subPath: production.py
imagePullSecrets:
- name: regcred

32
apps/issues/base/frontend-deployment.yaml Normal file
View File

@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: issues
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:716a2b73
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
imagePullSecrets:
- name: regcred

15
apps/issues/base/frontend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: issues
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

12
apps/issues/base/kustomization.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: issues
resources:
- namespace.yaml
- backend-deployment.yaml
- celery-deployment.yaml
- frontend-deployment.yaml
- backend-service.yaml
- frontend-service.yaml
- production-configmap.yaml

7
apps/issues/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: issues
labels:
istio-injection: enabled

140
apps/issues/base/production-configmap.yaml Normal file
View File

@ -0,0 +1,140 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: production-configmap
namespace: issues
data:
production.py: |
from datetime import timedelta
import os
from .base import *
# DEBUG SETTINGS START
# -----------------------------------------------------------------------------
DEBUG = True
# -----------------------------------------------------------------------------
TEST_MODE = False
# SECRETS SETTINGS START
# -----------------------------------------------------------------------------
SECRET_KEY = "FromToMuchLoveOfLiving" # Delete after Test
# -----------------------------------------------------------------------------
DJANGO_TOKEN="aGFnZW4wMTM6emVhbG90MDk2"
# ALLOWED HOSTS START
# -----------------------------------------------------------------------------
ALLOWED_HOSTS = ["*"]
# -----------------------------------------------------------------------------
# APPS SETTINGS START
# -----------------------------------------------------------------------------
# INSTALLED_APPS += [
# "django_extensions",
# ]
# -----------------------------------------------------------------------------
# DEBUG SETTINGS START
# -----------------------------------------------------------------------------
DEBUG = False
# -----------------------------------------------------------------------------
REVIEW_HOST='http://backend-service.flows.svc.cluster.local:8000'
# -----------------------------------------------------------------------------
# EXTERNAL SERVICES END
WORKFLOWS_HOST = "http://workflows-api-service.workflow.svc.cluster.local:8000"
WORKFLOWS_URL = "http://workflows-api-service.workflow.svc.cluster.local:8000"
DOCUMENTATIONS_URL = "http://documentations-api.documentations.svc.cluster.local:8080"
RESOURCES_API_HOST = os.getenv("RESOURCES_API_HOST", default="http://resources-service.resources.svc.cluster:8000")
KAFKA_HOST = "wb-stage-kafka-bootstrap.kafka.svc.cluster.local:9093"
KAFKA_USERNAME = "sarex"
KAFKA_PASSWORD = "nK36sasvSfoItJnXQ4qxav2OUWIPX5ZC"
KAFKA_SSL_CAFILE = os.getenv("KAFKA_SSL_CAFILE", "/usr/local/share/ca-certificates/kafka.crt")
KAFKA_EAV_ASSETS_TOPIC = os.getenv("KAFKA_EAV_ASSETS_TOPIC", "sarex")
KAFKA_ISSUES_TOPIC = os.getenv("KAFKA_ISSUES_TOPIC", "sarex-issues")
USE_ASYNC_FUNCTIONS = True
USE_NOTIFICATIONS = True
# JWT SETTINGS START
# ---------------------------------------------------------------------------------------------------------------------
SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer")
SIMPLE_JWT = {
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
"REFRESH_TOKEN_LIFETIME": timedelta(days=1),
"ROTATE_REFRESH_TOKENS": False,
"UPDATE_LAST_LOGIN": False,
"ALGORITHM": "RS512",
"SIGNING_KEY": os.getenv("JWT_PRIVATE_KEY", default="").replace("\\n", "\n"),
"VERIFYING_KEY": os.getenv("JWT_PUBLIC_KEY").replace("\\n", "\n"),
"AUDIENCE": None,
"ISSUER": SIMPLE_JWT_ISSUER,
"AUTH_HEADER_TYPES": ("Bearer",),
"AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
"USER_ID_FIELD": "id",
"USER_ID_CLAIM": "user_id",
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
"TOKEN_TYPE_CLAIM": "token_type",
"JTI_CLAIM": "jti",
"SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
"SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
"SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
}
# ---------------------------------------------------------------------------------------------------------------------
CORS_ALLOWED_ORIGINS = [
"https://lk.srx.wb.ru:30443",
]
CORS_TRUSTED_ORIGINS = [
"https://lk.srx.wb.ru:30443",
]
CSRF_TRUSTED_ORIGINS = [
"https://lk.srx.wb.ru:30443",
]
CORS_ALLOW_ALL_ORIGINS = True
ENABLE_MAILGUN=False
SMTP_PORT=465
SMTP_HOST="mail.rwb.ru"
EMAIL_FROM="sarex@rwb.ru"
CORS_ALLOW_METHODS = [
"DELETE",
"GET",
"OPTIONS",
"PATCH",
"POST",
"PUT",
]
SAREX_API = "https://srx.wb.ru"
AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API)
BASE_AERO_URL = "http://backend.django.svc.cluster.local:8000"
ENVIRONMENT = "production"
SESSION_COOKIE_NAME = "issues-sessionid"
CSRF_COOKIE_NAME = "issues-csrftoken"
STATIC_URL = "/static/"
STORAGES = {
'default': {
'BACKEND': "storages.backends.s3boto3.S3Boto3Storage",
},
'staticfiles': {
# Leave whatever setting you already have here, e.g.:
'BACKEND': "storages.backends.s3boto3.S3Boto3Storage",
}
}

7
apps/issues/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []

110
apps/issues/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: issues
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements"
databases:
- name: issues_db
user: issues
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

116
apps/resources/base/backend-deployment.yaml Normal file
View File

@ -0,0 +1,116 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: resources
labels:
app: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
volumes:
- name: django-configmap
configMap:
name: django-configmap
items:
- key: production.py
path: production.py
defaultMode: 420
containers:
- name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/sarex-resources:prod_d642ef88
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: DJANGO_SETTINGS_MODULE
value: config.settings.production
- name: API_ADDRESS
value: "8000"
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: YC_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: username
name: s3-secret
- name: YC_S3_ENDPOINT_URL
valueFrom:
secretKeyRef:
key: host
name: s3-secret
- name: YC_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: password
name: s3-secret
- name: YC_S3_BUCKET_NAME
valueFrom:
secretKeyRef:
key: bucket
name: s3-secret
resources:
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: django-configmap
mountPath: /server/config/settings/production.py
subPath: production.py
livenessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 20
imagePullSecrets:
- name: regcred

15
apps/resources/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: resources
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP

93
apps/resources/base/django-configmap.yaml Normal file
View File

@ -0,0 +1,93 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: django-configmap
namespace: resources
data:
production.py: |
import os
from .base import *
# DEBUG SETTINGS
# -----------------------------------------------------------------------------
DEBUG = False
# -----------------------------------------------------------------------------
# ALLOWED HOSTS
# -----------------------------------------------------------------------------
ALLOWED_HOSTS = ['*']
# -----------------------------------------------------------------------------
# SERVICE ACCOUNTS HOST
# -----------------------------------------------------------------------------
SERVICE_ACCOUNTS_HOST = os.getenv(
"SERVICE_ACCOUNTS_HOST",
default="http://backend.django.svc.cluster.local:8000/api/core"
)
# -----------------------------------------------------------------------------
# DATABASE CONFIGURATION
# -----------------------------------------------------------------------------
POSTGRES_DATABASE = os.getenv("DATABASE_NAME")
POSTGRES_USER = os.getenv("DATABASE_USER")
POSTGRES_PASSWORD = os.getenv("DATABASE_PASSWORD")
POSTGRES_HOST = os.getenv("DATABASE_HOST")
POSTGRES_PORT = os.getenv("DATABASE_PORT")
DATABASES = {
"default": {
"ENGINE": "django.contrib.gis.db.backends.postgis",
"NAME": POSTGRES_DATABASE,
"USER": POSTGRES_USER,
"PASSWORD": POSTGRES_PASSWORD,
"HOST": POSTGRES_HOST,
"PORT": POSTGRES_PORT,
}
}
# -----------------------------------------------------------------------------
# CORS SETTINGS
SAREX_ADMIN_USERNAME = "hagen013"
SAREX_ADMIN_PASSWORD = "zealot096"
SAREX_BASE_HOST = "http://backend.django.svc.cluster.local:8000"
# -----------------------------------------------------------------------------
CORS_ALLOWED_ORIGINS = [
"https://localhost:8000",
"https://localhost:8080",
"https://wb.sarex.ru",
"https://wb.sarex.ru.lonsdaleites.ru",
"https://srx.wb.ru",
]
CSRF_TRUSTED_ORIGINS = [
'https://localhost:8000',
'https://localhost:8080',
'https://wb.sarex.ru',
"https://wb.sarex.ru",
]
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_METHODS = [
"DELETE",
"GET",
"OPTIONS",
"PATCH",
"POST",
"PUT",
]
# -----------------------------------------------------------------------------
# STATIC FILES
# -----------------------------------------------------------------------------
STATIC_ROOT = "/static/"
STATIC_URL = "/static/"
STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage"
# -----------------------------------------------------------------------------
# COOKIE SETTINGS
# -----------------------------------------------------------------------------
SESSION_COOKIE_NAME = "resource-sessionid"
CSRF_COOKIE_NAME = "resource-csrftoken"
# -----------------------------------------------------------------------------

9
apps/resources/base/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: resources
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- django-configmap.yaml

7
apps/resources/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: resources
labels:
istio-injection: enabled

11
apps/resources/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches:
- path: replicas.yaml
target:
kind: Deployment
name: comparisons

113
apps/resources/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: resources
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis"
databases:
- name: resources_db
user: resources
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

8
apps/resources/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: resources
spec:
replicas: 1

33
apps/stamp-verification/base/deployment.yaml Normal file
View File

@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: stamp-verification
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
version: stable
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/stamp-verification-frontend:e11a8f90be462fc325ff99c8c35a8a418815c27b
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
imagePullSecrets:
- name: regcred

8
apps/stamp-verification/base/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: stamp-verification
resources:
- namespace.yaml
- deployment.yaml
- service.yaml

7
apps/stamp-verification/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: stamp-verification
labels:
istio-injection: enabled

15
apps/stamp-verification/base/service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: stamp-verification
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

10
apps/stamp-verification/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend

8
apps/stamp-verification/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: stamp-verification
spec:
replicas: 1

104
apps/workspaces/base/backend-deployment.yaml Normal file
View File

@ -0,0 +1,104 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: workspaces-api
namespace: workspaces
labels:
app: workspaces-api
spec:
replicas: 1
selector:
matchLabels:
app: workspaces-api
template:
metadata:
labels:
app: workspaces-api
spec:
containers:
- name: workspaces-api
image: cr.yandex/crp3ccidau046kdj8g9q/workspaces:prod_4961b1f1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: POSTGRES_POOL_SIZE
value: "3"
- name: BUNDLES_RETRY_COUNT
value: "5"
- name: BUNDLES_NJOBS
value: "5"
- name: API_ADDRESS
value: 0.0.0.0:8000
- name: NAMESPACE
value: workspaces
- name: ENABLE_SQL_QUERY
value: "0"
- name: ENABLE_SSL
value: "0"
- name: DOCUMENTATION_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080
- name: DOCUMENTATION_LOGGER_FEATURE
value: "0"
- name: DOCUMENTATION_ORIGINATOR
value: prod_ws
- name: ENVIRONMENT
value: prod
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000
- name: DJANGO_ORIGINATOR
value: docs_prod
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: POSTGRES_ADDRESS
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DJANGO_BASIC_AUTH
valueFrom:
secretKeyRef:
key: key
name: django-auth
resources:
requests:
cpu: 100m
memory: 100Mi
livenessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 20
imagePullSecrets:
- name: regcred

15
apps/workspaces/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: workspaces
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP

46
apps/workspaces/base/frontend-deployment.yaml Normal file
View File

@ -0,0 +1,46 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: workspaces
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_7f95769f
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
livenessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 20
imagePullSecrets:
- name: regcred

15
apps/workspaces/base/frontend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: workspaces
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

10
apps/workspaces/base/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: workspaces
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- frontend-deployment.yaml
- frontend-service.yaml

7
apps/workspaces/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: workspaces
labels:
istio-injection: enabled

11
apps/workspaces/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches:
- path: replicas.yaml
target:
kind: Deployment
name: comparisons

113
apps/workspaces/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: workspaces
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements,uuid-ossp"
databases:
- name: workspaces_db
user: workspaces
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

8
apps/workspaces/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: workspaces
spec:
replicas: 1

11
clusters/yc-k8s-test/kustomization.yaml
View File

@ -23,4 +23,13 @@ resources:
- ../../apps/system-log/yc-k8s-test - ../../apps/system-log/yc-k8s-test
- ../../apps/remarks/yc-k8s-test - ../../apps/remarks/yc-k8s-test
- ../../apps/notes/yc-k8s-test - ../../apps/notes/yc-k8s-test
- ../../apps/pm/yc-k8s-test - ../../apps/pm/yc-k8s-test
- ../../apps/faas/yc-k8s-test
- ../../apps/stamp-verification/yc-k8s-test
- ../../apps/eav/yc-k8s-test
- ../../apps/resources/yc-k8s-test
- ../../apps/workspaces/yc-k8s-test
- ../../apps/cde/yc-k8s-test
- ../../apps/flows/yc-k8s-test
- ../../apps/issues/yc-k8s-test
- ../../apps/documentations/yc-k8s-test