Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac

2026-04-21 14:39:52 +03:00 · 2026-04-21 14:39:52 +03:00 · a70bc9b0e6
commit a70bc9b0e6
parent dccb4d6c62 4ff245b46e
88 changed files with 3851 additions and 1 deletions
--- a/apps/cde/base/backend-service.yaml
+++ b/apps/cde/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cde-svc
+  namespace: faas
+spec:
+  type: ClusterIP
+  selector:
+    app: cde
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+      protocol: TCP
--- a/apps/cde/base/cde-flowscallback.yaml
+++ b/apps/cde/base/cde-flowscallback.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-flowscallback
+  namespace: cde
+  labels:
+    app: cde-flowscallback
+    service: cde-flowscallback
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-flowscallback
+  template:
+    metadata:
+      labels:
+        app: cde-flowscallback
+        service: cde-flowscallback
+    spec:
+      containers:
+        - name: cde-flowscallback
+          image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_3.1.2
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde-splitpdf.yaml
+++ b/apps/cde/base/cde-splitpdf.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-splitpdf
+  namespace: cde
+  labels:
+    app: cde-splitpdf
+    service: cde-splitpdf
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-splitpdf
+  template:
+    metadata:
+      labels:
+        app: cde-splitpdf
+        service: cde-splitpdf
+    spec:
+      containers:
+        - name: cde-splitpdf
+          image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_3.1.2
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde-worker-copy.yaml
+++ b/apps/cde/base/cde-worker-copy.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-worker-copy
+  namespace: cde
+  labels:
+    app: cde-worker-copy
+    service: cde-worker-copy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-worker-copy
+  template:
+    metadata:
+      labels:
+        app: cde-worker-copy
+        service: cde-worker-copy
+    spec:
+      containers:
+        - name: cde-worker-copy
+          image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:preprod_fd483601
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde-worker-create-versions.yaml
+++ b/apps/cde/base/cde-worker-create-versions.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-worker-create-versions
+  namespace: cde
+  labels:
+    app: cde-worker-create-versions
+    service: cde-worker-create-versions
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-worker-create-versions
+  template:
+    metadata:
+      labels:
+        app: cde-worker-create-versions
+        service: cde-worker-create-versions
+    spec:
+      containers:
+        - name: cde-worker-create-versions
+          image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:preprod_ec474ae7
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde-worker-markings.yaml
+++ b/apps/cde/base/cde-worker-markings.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-worker-markings
+  namespace: cde
+  labels:
+    app: cde-worker-markings
+    service: cde-worker-markings
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-worker-markings
+  template:
+    metadata:
+      labels:
+        app: cde-worker-markings
+        service: cde-worker-markings
+    spec:
+      containers:
+        - name: cde-worker-markings
+          image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:preprod_eb50f30e
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde-worker-sign.yaml
+++ b/apps/cde/base/cde-worker-sign.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-worker-sign
+  namespace: cde
+  labels:
+    app: cde-worker-sign
+    service: cde-worker-sign
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-worker-sign
+  template:
+    metadata:
+      labels:
+        app: cde-worker-sign
+        service: cde-worker-sign
+    spec:
+      containers:
+        - name: cde-worker-sign
+          image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:preprod_fd483601
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde-worker-update-bundles.yaml
+++ b/apps/cde/base/cde-worker-update-bundles.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde-worker-update-bundles
+  namespace: cde
+  labels:
+    app: cde-worker-update-bundles
+    service: cde-worker-update-bundles
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde-worker-update-bundles
+  template:
+    metadata:
+      labels:
+        app: cde-worker-update-bundles
+        service: cde-worker-update-bundles
+    spec:
+      containers:
+        - name: cde-worker-update-bundles
+          image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_3.1.2
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/cde.yaml
+++ b/apps/cde/base/cde.yaml
@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cde
+  namespace: cde
+  labels:
+    app: cde
+    service: cde
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cde
+  template:
+    metadata:
+      labels:
+        app: cde
+        service: cde
+    spec:
+      containers:
+        - name: api
+          image: cr.yandex/crp3ccidau046kdj8g9q/cde:preprod_ec474ae7
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: S3_IS_CONTOUR
+              value: "true"
+          envFrom:
+          - secretRef:
+              name: cde-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/cde/base/kustomization.yaml
+++ b/apps/cde/base/kustomization.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cde
+resources:
+  - namespace.yaml
+  - cde.yaml
+  - cde-splitpdf.yaml
+  - backend-service.yaml
+  - cde-flowscallback.yaml
+  - cde-worker-copy.yaml
+  - cde-worker-create-versions.yaml
+  - cde-worker-markings.yaml
+  - cde-worker-sign.yaml
+  - cde-worker-update-bundles.yaml
--- a/apps/cde/base/namespace.yaml
+++ b/apps/cde/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cde
+  labels:
+    istio-injection: enabled
--- a/apps/cde/yc-k8s-test/kustomization.yaml
+++ b/apps/cde/yc-k8s-test/kustomization.yaml
@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+patches: []
+#  - path: replicas.yaml
+#    target:
+#      kind: Deployment
+#      name: frontend
--- a/apps/cde/yc-k8s-test/replicas.yaml
+++ b/apps/cde/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: cde
+spec:
+  replicas: 1
--- a/apps/document-link/base/deployment.yaml
+++ b/apps/document-link/base/deployment.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: document-link
+  labels:
+    app: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+        version: stable
+    spec:
+      containers:
+        - name: frontend
+          image: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:wb_cb2027ce
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/document-link/base/kustomization.yaml
+++ b/apps/document-link/base/kustomization.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: document-link
+resources:
+  - namespace.yaml
+  - deployment.yaml
+  - service.yaml
--- a/apps/document-link/base/namespace.yaml
+++ b/apps/document-link/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: document-link
+  labels:
+    istio-injection: enabled
--- a/apps/document-link/base/service.yaml
+++ b/apps/document-link/base/service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+  namespace: document-link
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
--- a/apps/document-link/yc-k8s-test/kustomization.yaml
+++ b/apps/document-link/yc-k8s-test/kustomization.yaml
@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+patches: []
+#  - path: replicas.yaml
+#    target:
+#      kind: Deployment
+#      name: frontend
--- a/apps/document-link/yc-k8s-test/replicas.yaml
+++ b/apps/document-link/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: document-link
+spec:
+  replicas: 1
--- a/apps/documentations/base/api-deployment.yaml
+++ b/apps/documentations/base/api-deployment.yaml
@ -0,0 +1,188 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: documentations-api
+  namespace: documentations
+  labels:
+    app: documentations-api
+    service: documentations-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: documentations-api
+  template:
+    metadata:
+      labels:
+        app: documentations-api
+        service: documentations-api
+    spec:
+      volumes:
+        - name: documentations-yc-s3-secret
+          secret:
+            defaultMode: 420
+            secretName: documentations-yc-s3
+        - name: zitadel-account
+          secret:
+            defaultMode: 420
+            secretName: zitadel-account
+      containers:
+        - name: documentations-api
+          image: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_a9990430
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: public-key
+            - name: POSTGRES_POOL_SIZE
+              value: "20"
+            - name: ZITADEL_ACCOUNT
+              value: /etc/sarex/zitadel/zitadel-account.json
+            - name: ZITADEL_DOMAIN
+              value: zitadel-srx.wb.ru
+            - name: USE_ZITADEL
+              value: "1"
+            - name: FLOWS_URL
+              value: http://backend-service.flows.svc.cluster.local:8000
+            - name: LAST_MASTER_BIM
+              value: "36311"
+            - name: API_ADDRESS
+              value: 0.0.0.0:8080
+            - name: API_ADDRESS_FILE
+              value: 0.0.0.0:8080
+            - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: secret
+                  name: yc-jwt-secret
+            - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
+              value: "5"
+            - name: ENABLE_SQL_QUERY
+              value: "0"
+            - name: ENABLE_SSL
+              value: "0"
+            - name: WORKSPACE_V2_EXTERNAL_URL
+              value: https://srx.wb.ru/workspaces-v2/
+            - name: ENABLE_S3
+              value: "1"
+            - name: CONTAINER_REGISTRY
+              value: cr.yandex/crp3ccidau046kdj8g9q
+            - name: ENVIRONMENT
+              value: production
+            - name: LAST_SLAVE_1_BIM
+              value: "1000000"
+            - name: HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080
+            - name: FILE_STREAM_HOST
+              value: srx.wb.ru
+            - name: DOCUMENTATION_URL
+              value: http://documentations-api.documentations.svc.cluster.local:8080/
+            - name: WORKFLOW_URL
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+            - name: WORKSPACE_URL
+              value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+            - name: BIM_API_URL
+              value: http://bim-api-service.bim.svc.cluster.local:8080/
+            - name: BIM_API_V2_URL
+              value: http://backend-service.bim.svc.cluster.local:8000/
+            - name: WORKSPACE_BUNDLE_VERSION
+              value: v1
+            - name: SYSTEM_LOG_URL
+              value: http://api-service.system-log.svc.cluster.local:8000
+            - name: DJANGO_HOST
+              value: http://backend.django.svc.cluster.local:8000
+            - name: MARKS_PROCESSING_URL
+              value: http://marks-service:8000
+            - name: PUBLIC_LINK_HOST
+              value: https://document-link-srx.wb.ru
+            - name: NAMESPACE
+              value: documentations
+            - name: DJANGO_ORIGINATOR
+              value: docs_prod
+            - name: WORKFLOW_IMAGES_VERSION
+              value: master
+            - name: WORKFLOWS_IMAGES_VERSION
+              value: master
+            - name: S3_SERVICE_ACCOUNT
+              value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+            - name: READ_WRITE_TIMEOUT_FILE_STREAM
+              value: 6h
+            - name: CACHE_DEFAULT_EXPIRATION
+              value: 60s
+            - name: ENABLE_SMTP
+              value: "True"
+            - name: ENABLE_MAILGUN
+              value: "False"
+            - name: CACHE_CLEANUP_INTERVAL
+              value: 60s
+            - name: ENABLE_AUTH_JWT_IN_URL
+              value: "false"
+            - name: ENABLE_SIGNATURE_IN_URL
+              value: "true"
+            - name: USE_CACHE_IN_FILE_STREAMER
+              value: "0"
+            - name: VALKEY_ADDR
+              value: redis:6379
+            - name: VALKEY_HOST
+              value: redis
+            - name: VALKEY_PORT
+              value: "6379"
+      
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: POSTGRES_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: DJANGO_BASIC_AUTH
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+            - name: DJANGO_BASIC_AUTH_FOR_GET_USER
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+
+
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+          volumeMounts:
+            - mountPath: /etc/sarex/yc-s3-storage
+              name: documentations-yc-s3-secret
+              readOnly: true
+            - mountPath: /etc/sarex/zitadel
+              name: zitadel-account
+              readOnly: true
+
+      imagePullSecrets:
+        - name: regcred
--- a/apps/documentations/base/api-service.yaml
+++ b/apps/documentations/base/api-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-api-svc
+  namespace: documentations
+spec:
+  type: ClusterIP
+  selector:
+    app: documentations-api
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+      protocol: TCP
--- a/apps/documentations/base/filestream-deployment.yaml
+++ b/apps/documentations/base/filestream-deployment.yaml
@ -0,0 +1,188 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: documentations-filestream
+  namespace: documentations
+  labels:
+    app: documentations-filestream
+    service: documentations-filestream
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: documentations-filestream
+  template:
+    metadata:
+      labels:
+        app: documentations-filestream
+        service: documentations-filestream
+    spec:
+      volumes:
+        - name: documentations-yc-s3-secret
+          secret:
+            defaultMode: 420
+            secretName: documentations-yc-s3
+        - name: zitadel-account
+          secret:
+            defaultMode: 420
+            secretName: zitadel-account
+      containers:
+        - name: documentations-filestream
+          image: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_a9990430
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: public-key
+            - name: POSTGRES_POOL_SIZE
+              value: "20"
+            - name: ZITADEL_ACCOUNT
+              value: /etc/sarex/zitadel/zitadel-account.json
+            - name: ZITADEL_DOMAIN
+              value: zitadel-srx.wb.ru
+            - name: USE_ZITADEL
+              value: "1"
+            - name: FLOWS_URL
+              value: http://backend-service.flows.svc.cluster.local:8000
+            - name: LAST_MASTER_BIM
+              value: "36311"
+            - name: API_ADDRESS
+              value: 0.0.0.0:8080
+            - name: API_ADDRESS_FILE
+              value: 0.0.0.0:8080
+            - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: secret
+                  name: yc-jwt-secret
+            - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
+              value: "5"
+            - name: ENABLE_SQL_QUERY
+              value: "0"
+            - name: ENABLE_SSL
+              value: "0"
+            - name: WORKSPACE_V2_EXTERNAL_URL
+              value: https://srx.wb.ru/workspaces-v2/
+            - name: ENABLE_S3
+              value: "1"
+            - name: CONTAINER_REGISTRY
+              value: cr.yandex/crp3ccidau046kdj8g9q
+            - name: ENVIRONMENT
+              value: production
+            - name: LAST_SLAVE_1_BIM
+              value: "1000000"
+            - name: HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080
+            - name: FILE_STREAM_HOST
+              value: srx.wb.ru
+            - name: DOCUMENTATION_URL
+              value: http://documentations-api.documentations.svc.cluster.local:8080/
+            - name: WORKFLOW_URL
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+            - name: WORKSPACE_URL
+              value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+            - name: BIM_API_URL
+              value: http://bim-api-service.bim.svc.cluster.local:8080/
+            - name: BIM_API_V2_URL
+              value: http://backend-service.bim.svc.cluster.local:8000/
+            - name: WORKSPACE_BUNDLE_VERSION
+              value: v1
+            - name: SYSTEM_LOG_URL
+              value: http://api-service.system-log.svc.cluster.local:8000
+            - name: DJANGO_HOST
+              value: http://backend.django.svc.cluster.local:8000
+            - name: MARKS_PROCESSING_URL
+              value: http://marks-service:8000
+            - name: PUBLIC_LINK_HOST
+              value: https://document-link-srx.wb.ru
+            - name: NAMESPACE
+              value: documentations
+            - name: DJANGO_ORIGINATOR
+              value: docs_prod
+            - name: WORKFLOW_IMAGES_VERSION
+              value: master
+            - name: WORKFLOWS_IMAGES_VERSION
+              value: master
+            - name: S3_SERVICE_ACCOUNT
+              value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+            - name: READ_WRITE_TIMEOUT_FILE_STREAM
+              value: 6h
+            - name: CACHE_DEFAULT_EXPIRATION
+              value: 60s
+            - name: ENABLE_SMTP
+              value: "True"
+            - name: ENABLE_MAILGUN
+              value: "False"
+            - name: CACHE_CLEANUP_INTERVAL
+              value: 60s
+            - name: ENABLE_AUTH_JWT_IN_URL
+              value: "false"
+            - name: ENABLE_SIGNATURE_IN_URL
+              value: "true"
+            - name: USE_CACHE_IN_FILE_STREAMER
+              value: "0"
+            - name: VALKEY_ADDR
+              value: redis:6379
+            - name: VALKEY_HOST
+              value: redis
+            - name: VALKEY_PORT
+              value: "6379"
+      
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: POSTGRES_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: DJANGO_BASIC_AUTH
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+            - name: DJANGO_BASIC_AUTH_FOR_GET_USER
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+
+
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+          volumeMounts:
+            - mountPath: /etc/sarex/yc-s3-storage
+              name: documentations-yc-s3-secret
+              readOnly: true
+            - mountPath: /etc/sarex/zitadel
+              name: zitadel-account
+              readOnly: true
+
+      imagePullSecrets:
+        - name: regcred
--- a/apps/documentations/base/filestream-service.yaml
+++ b/apps/documentations/base/filestream-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-filestream-svc
+  namespace: documentations
+spec:
+  type: ClusterIP
+  selector:
+    app: documentations-filestream
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+      protocol: TCP
--- a/apps/documentations/base/frontend-deployment.yaml
+++ b/apps/documentations/base/frontend-deployment.yaml
@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: documentations
+  labels:
+    app: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+        - name: frontend
+          image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/documentations/base/frontend-service.yaml
+++ b/apps/documentations/base/frontend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+  namespace: documentations
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
--- a/apps/documentations/base/kustomization.yaml
+++ b/apps/documentations/base/kustomization.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: documentations
+resources:
+  - namespace.yaml
+  - api-deployment.yaml
+  - pdm-deployment.yaml
+  - filestream-deployment.yaml
+  - frontend-deployment.yaml
+  - api-service.yaml
+  - pdm-service.yaml
+  - filestream-service.yaml
+  - frontend-service.yaml
--- a/apps/documentations/base/namespace.yaml
+++ b/apps/documentations/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: documentations
+  labels:
+    istio-injection: enabled
--- a/apps/documentations/base/pdm-deployment.yaml
+++ b/apps/documentations/base/pdm-deployment.yaml
@ -0,0 +1,198 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pdm-api
+  namespace: documentations
+  labels:
+    app: pdm-api
+    service: pdm-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pdm-api
+  template:
+    metadata:
+      labels:
+        app: pdm-api
+        service: pdm-api
+    spec:
+      volumes:
+        - name: documentations-yc-s3-secret
+          secret:
+            defaultMode: 420
+            secretName: documentations-yc-s3
+        - name: zitadel-account
+          secret:
+            defaultMode: 420
+            secretName: zitadel-account
+      containers:
+        - name: pdm-api
+          image: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_38958427
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          env:
+            - name: USE_EXPERIMENTAL
+              value: "true"
+            - name: RELEASES_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: releases-token
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: POSTGRES_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: POSTGRES_POOL_SIZE
+              value: "20"
+            - name: TRANSMITTALS_BASE_URL
+              value: mock
+            - name: DJANGO_BASIC_AUTH
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+            - name: PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: public-key
+            - name: API_ADDRESS
+              value: 0.0.0.0:8080
+            - name: API_ADDRESS_FILE
+              value: 0.0.0.0:8080
+            - name: BUCKET_NAME
+              value: attachments-storage
+            - name: API_HOST_PREFIX
+              value: /
+            - name: APP_NAME
+              value: pdm_v2
+            - name: APP_VERSION
+              value: 0.0.1
+            - name: ENABLE_PERMISSIONS_FILTER
+              value: "1"
+            - name: PERMISSIONS_FILTER_COMPANIES
+              value: '[1]'
+            - name: TRANSMITTALS_ENABLE
+              value: "false"
+            - name: DRAWINGS_INTERNAL_URL
+              value: http://drawings-api-service.drawings.svc.cluster.local:80
+            - name: ATTACHMENTS_URL
+              value: http://attachments-service.attachments.svc.cluster.local:8000
+            - name: BIM_API_V2_URL
+              value: http://backend-service.bim.svc.cluster.local:8000/
+            - name: BIM_V2_HOST
+              value: http://backend-service.bim.svc.cluster.local:8000/
+            - name: CACHE_CLEANUP_INTERVAL
+              value: 60s
+            - name: CACHE_DEFAULT_EXPIRATION
+              value: 60s
+            - name: DJANGO_HOST
+              value: http://backend.django.svc.cluster.local:8000
+            - name: DJANGO_ORIGINATOR
+              value: docs_prod
+            - name: DOCUMENTATION_URL
+              value: http://documentations-api.documentations.svc.cluster.local:8080/
+            - name: EAV_URL
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: ENABLE_OBSERVABILITY
+              value: "false"
+            - name: ENABLE_S3
+              value: "1"
+            - name: ENABLE_SSL
+              value: "0"
+            - name: ENVIRONMENT
+              value: prod
+            - name: FLOWS_URL
+              value: http://backend-service.flows.svc.cluster.local:8000
+            - name: HEIGHT_THUMB_ATTACHMENTS
+              value: "300"
+            - name: HEIGHT_THUMB_STATES
+              value: "73"
+            - name: HTTP_PORT
+              value: "8080"
+            - name: INSPECTIONS_URL
+              value: http://inspections-service.inspections.svc.cluster.local:80
+            - name: LOG_LEVEL
+              value: INFO
+            - name: NOTES_URL
+            - name: OBSERVABILITY_COLLECTOR_ENDPOINT
+              value: temp
+            - name: READ_WRITE_TIMEOUT_FILE_STREAM
+              value: 6h
+            - name: RELEASES_URL
+              value: https://gitlab.com
+            - name: REMARKS_URL
+              value: http://remarks-static-service.remarks.svc.cluster.local:8080/remarks
+            - name: RESOURCES_URL
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: S3_SERVICE_ACCOUNT
+              value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+            - name: STATES_URL
+              value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+            - name: SUBSCRIPTIONS_URL
+              value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80
+            - name: SYSTEM_LOG_URL
+              value: http://api-service.system-log.svc.cluster.local:8000
+            - name: TARGET_URL
+              value: http://backend.django.svc.cluster.local:8000
+            - name: USE_CACHE_IN_FILE_STREAMER
+              value: "1"
+            - name: USE_SUBSCRIPTIONS
+              value: "false"
+            - name: WIDTH_THUMB_ATTACHMENTS
+              value: "300"
+            - name: WIDTH_THUMB_STATES
+              value: "120"
+            - name: WORKFLOWS_IMAGES_VERSION
+              value: master
+            - name: WORKFLOW_IMAGES_VERSION
+              value: master
+            - name: WORKFLOW_URL
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+            - name: WORKSPACE_BUNDLE_VERSION
+              value: v1
+            - name: WORKSPACE_URL
+              value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+
+
+
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+          volumeMounts:
+            - mountPath: /etc/sarex/yc-s3-storage
+              name: documentations-yc-s3-secret
+              readOnly: true
+            - mountPath: /etc/sarex/zitadel
+              name: zitadel-account
+              readOnly: true
+
+      imagePullSecrets:
+        - name: regcred
--- a/apps/documentations/base/pdm-service.yaml
+++ b/apps/documentations/base/pdm-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pdm-svc
+  namespace: documentations
+spec:
+  type: ClusterIP
+  selector:
+    app: pdm-api
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080
+      protocol: TCP
--- a/apps/documentations/yc-k8s-test/kustomization.yaml
+++ b/apps/documentations/yc-k8s-test/kustomization.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+  - postgresql.yaml
+patches: []
--- a/apps/documentations/yc-k8s-test/postgresql.yaml
+++ b/apps/documentations/yc-k8s-test/postgresql.yaml
@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: documentations
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements,ltree,timescaledb,uuid-ossp"
+      databases:
+        - name: documentations_db
+          user: documentations
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/apps/eav/base/backend-deployment.yaml
+++ b/apps/eav/base/backend-deployment.yaml
@ -0,0 +1,126 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: eav
+  labels:
+    app: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+    spec:
+      volumes:
+        - name: django-configmap
+          configMap:
+            name: django-configmap
+            items:
+              - key: production.py
+                path: production.py
+          defaultMode: 420
+
+      containers:
+        - name: backend
+          image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+
+          env:
+            - name: KAFKA_ENABLED
+              value: "False"
+            - name: ASSETS_TOPIC
+              value: sarex
+            - name: DJANGO_SETTINGS_MODULE
+              value: config.settings.production
+            - name: DJANGO_POSTGRES_DATABASE
+              value: eav_db
+            - name: YC_S3_ENDPOINT_URL
+              value: http://minio-svc.minio.svc.cluster.local:9000
+            - name: YC_S3_BUCKET_NAME
+              value: eav
+
+            - name: DJANGO_POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: postgresql-secret
+                  key: hostname
+
+            - name: DJANGO_POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgresql-secret
+                  key: username
+
+            - name: DJANGO_POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgresql-secret
+                  key: password
+
+            - name: DJANGO_POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: postgresql-secret
+                  key: port
+
+            - name: JWT_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: backend-secret
+                  key: ssh_private.key
+
+            - name: JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: backend-secret
+                  key: ssh_public.key
+
+            - name: YC_S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: username
+
+            - name: YC_S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: password
+
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+
+          volumeMounts:
+            - name: django-configmap
+              mountPath: /server/config/settings/production.py
+              subPath: production.py
+
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 10
+            periodSeconds: 60
+            failureThreshold: 10
+
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 20
+
+      imagePullSecrets:
+        - name: regcred
--- a/apps/eav/base/backend-service.yaml
+++ b/apps/eav/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+  namespace: eav
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
--- a/apps/eav/base/django-configmap.yaml
+++ b/apps/eav/base/django-configmap.yaml
@ -0,0 +1,171 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: django-configmap
+  namespace: eav
+data:
+  production.py: |
+    # production.py
+
+
+    from .base import *
+
+    from datetime import timedelta
+
+    import os
+
+    from django.core.exceptions import ImproperlyConfigured
+
+
+    INSTALLED_APPS.append("corsheaders")
+
+    #MIDDLEWARE = ["corsheaders.middleware.CorsMiddleware"] + MIDDLEWARE
+
+
+    # DEBUG SETTINGS START
+
+    DEBUG = True
+
+    ALLOWED_HOSTS = ['*']
+
+    # DEBUG SETTINGS END
+
+
+    # DATABASE SETTINGS START
+
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.postgresql",
+            "NAME": os.getenv("DJANGO_POSTGRES_DATABASE"),
+            "USER": os.getenv("DJANGO_POSTGRES_USER"),
+            "PASSWORD": os.getenv("DJANGO_POSTGRES_PASSWORD"),
+            "HOST": os.getenv("DJANGO_POSTGRES_HOST"),
+            "PORT": "5432",
+        }
+    }
+
+    # DATABASE SETTINGS END
+
+
+    # RESPONSE HEADERS START
+
+
+    CORS_ORIGIN_ALLOW_ALL = True
+
+
+    CORS_ALLOWED_ORIGINS = [
+        "https://srx.wb.ru",
+    ]
+
+
+    CORS_TRUSTED_ORIGINS = [
+        "https://srx.wb.ru",
+    ]
+
+
+    CSRF_TRUSTED_ORIGINS = [
+        "https://srx.wb.ru",
+    ]
+
+
+    CORS_ALLOW_METHODS = (
+        'DELETE',
+        'GET',
+        'OPTIONS',
+        'PATCH',
+        'POST',
+        'PUT',
+    )
+
+
+    CORS_ALLOW_HEADERS = (
+        'accept',
+        'accept-encoding',
+        'authorization',
+        'content-type',
+        'user-agent',
+        'x-csrftoken',
+        'x-requested-with',
+        'x-token',
+        'Bearer'
+    )
+
+    # RESPONSE HEADERS END
+
+
+    REST_FRAMEWORK = {
+        "DEFAULT_PAGINATION_CLASS": (
+            "rest_framework.pagination.LimitOffsetPagination"
+        ),
+        "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema",
+        "PAGE_SIZE": 10000,
+        "DEFAULT_FILTER_BACKENDS": [
+            "django_filters.rest_framework.DjangoFilterBackend"
+        ],
+        "DEFAULT_AUTHENTICATION_CLASSES": [
+            "core.auth.ZitadelJWTAuthentication",
+            "rest_framework_simplejwt.authentication.JWTAuthentication",
+            "rest_framework.authentication.SessionAuthentication",
+            "rest_framework.authentication.BasicAuthentication",
+        ],
+        "DEFAULT_PERMISSION_CLASSES": [
+            "rest_framework.permissions.AllowAny",
+        ]
+    }
+
+
+    # JWT SETTINGS START
+
+    def get_env_variable(var_name, default=None):
+        try:
+            return os.getenv(var_name, default)
+        except KeyError:
+            error_msg = f"Set the {var_name} environment variable"
+            if default:
+                return default
+            raise ImproperlyConfigured(error_msg)
+
+    SIMPLE_JWT_ISSUER = get_env_variable("SIMPLE_JWT_ISSUER", default="django")
+
+
+    SIMPLE_JWT = {
+        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
+        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+        "ROTATE_REFRESH_TOKENS": False,
+        "UPDATE_LAST_LOGIN": False,
+
+        "ALGORITHM": "RS512",
+        "SIGNING_KEY": get_env_variable("JWT_PRIVATE_KEY").replace("\\\n", "\n"),
+        "VERIFYING_KEY": get_env_variable("JWT_PUBLIC_KEY").replace("\\\n", "\n"),
+        "AUDIENCE": None,
+        "ISSUER": SIMPLE_JWT_ISSUER,
+
+        "AUTH_HEADER_TYPES": ("Bearer",),
+        "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
+        "USER_ID_FIELD": "id",
+        "USER_ID_CLAIM": "user_id",
+
+        "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
+        "TOKEN_TYPE_CLAIM": "token_type",
+
+        "JTI_CLAIM": "jti",
+
+        "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
+        "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
+        "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
+    }
+
+
+    # JWT SETTINGS END
+
+
+    STATIC_ROOT = '/static/'
+
+    STATIC_URL = '/static/'
+
+    STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
+
+
+    SESSION_COOKIE_NAME = 'eav-sessionid'
+
+    CSRF_COOKIE_NAME = 'eav-csrftoken'
--- a/apps/eav/base/kustomization.yaml
+++ b/apps/eav/base/kustomization.yaml
@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: eav
+resources:
+  - namespace.yaml
+  - backend-deployment.yaml
+  - backend-service.yaml
+  - django-configmap.yaml
--- a/apps/eav/base/namespace.yaml
+++ b/apps/eav/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: eav
+  labels:
+    istio-injection: enabled
--- a/apps/eav/yc-k8s-test/kustomization.yaml
+++ b/apps/eav/yc-k8s-test/kustomization.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+  - postgresql.yaml
+patches:
+  - path: replicas.yaml
+    target:
+      kind: Deployment
+      name: comparisons
--- a/apps/eav/yc-k8s-test/postgresql.yaml
+++ b/apps/eav/yc-k8s-test/postgresql.yaml
@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: eav
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      resources:
+        requests:
+          memory: 512Mi
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis"
+      databases:
+        - name: eav_db
+          user: eav
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/apps/eav/yc-k8s-test/replicas.yaml
+++ b/apps/eav/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: eav
+spec:
+  replicas: 1
--- a/apps/faas/base/backend-service.yaml
+++ b/apps/faas/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: export-reviews-svc
+  namespace: faas
+spec:
+  type: ClusterIP
+  selector:
+    app: export-reviews
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+      protocol: TCP
--- a/apps/faas/base/export-reviews.yaml
+++ b/apps/faas/base/export-reviews.yaml
@ -0,0 +1,64 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: export-reviews
+  namespace: faas
+  labels:
+    app: export-reviews
+    service: export-reviews
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: export-reviews
+  template:
+    metadata:
+      labels:
+        app: export-reviews
+        service: export-reviews
+    spec:
+      containers:
+        - name: api
+          image: cr.yandex/crp3ccidau046kdj8g9q/export-reviews:prod_c4cae4ee
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: BASE_HOST
+              value: https://sarex.contour.infra.sarex.tech
+            - name: DJANGO_HOST
+              value: https://sarex.contour.infra.sarex.tech
+            - name: REVIEWS_HOST
+              value: https://sarex.contour.infra.sarex.tech/flows
+            - name: GATEWAY_HOST
+              value: https://sarex.contour.infra.sarex.tech/gateway
+            - name: DOCUMENTATIONS_HOST
+              value: https://sarex.contour.infra.sarex.tech/documentations
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: TRANSMITTALS_INTERNAL_HOST
+              value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1
+            - name: DJANGO_TIMEOUT
+              value: "180"
+            - name: REVIEWS_TIMEOUT
+              value: "180"
+            - name: GATEWAY_TIMEOUT
+              value: "60"
+            - name: DOCUMENTATIONS_TIMEOUT
+              value: "60"
+            - name: EAV_TIMEOUT
+              value: "30"
+            - name: TRANSMITTALS_TIMEOUT
+              value: "30"
+            - name: TIMEOUT
+              value: "180"
+
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/faas/base/kustomization.yaml
+++ b/apps/faas/base/kustomization.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: faas
+resources:
+  - namespace.yaml
+  - export-reviews.yaml
+  - backend-service.yaml
--- a/apps/faas/base/namespace.yaml
+++ b/apps/faas/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: faas
+  labels:
+    istio-injection: enabled
--- a/apps/faas/yc-k8s-test/kustomization.yaml
+++ b/apps/faas/yc-k8s-test/kustomization.yaml
@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+patches: []
+#  - path: replicas.yaml
+#    target:
+#      kind: Deployment
+#      name: frontend
--- a/apps/faas/yc-k8s-test/replicas.yaml
+++ b/apps/faas/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: faas
+spec:
+  replicas: 1
--- a/apps/flows/base/backend-deployment.yaml
+++ b/apps/flows/base/backend-deployment.yaml
@ -0,0 +1,177 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: flows
+  labels:
+    app: backend
+    service: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+        service: backend
+    spec:
+      containers:
+        - name: backend
+          image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_2a439111
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: ADMIN_PANEL_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: admin-secret
+            - name: JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: public_key
+                  name: jwt-secret
+            - name: LOG_LEVEL
+              value: DEBUG
+            - name: BASE_HOST
+              value: https://srx.wb.ru
+            - name: CELERY_QUEUE
+              value: flow
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: DJANGO_HOST
+              value: http://backend.django.svc.cluster.local:8000/api
+            - name: PLANNING_HOST
+              value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
+            - name: PLANNING_USE
+              value: "True"
+            - name: DOCUMENTATION_HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1
+            - name: DOCUMENTATION_EXTERNAL_HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1
+            - name: ENABLE_ANALYTICS
+              value: "1"
+            - name: ENABLE_CELERY
+              value: "1"
+            - name: ENABLE_MAILGUN
+              value: "0"
+            - name: ENABLE_METRICS
+              value: "0"
+            - name: FROM_EMAIL
+              value: sarex@rwb.ru
+            - name: GATEWAY_URL
+              value: http://pdm-api.documentations.svc.cluster.local:8080
+            - name: RESOURCE_URL
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: SERVICE_HOST
+              value: https://srx.wb.ru/flows/api/v1
+            - name: SMTP_HOST
+              value: mail.rwb.ru
+
+            - name: DOCUMENTATION_PG_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret-documentations
+            - name: CHECKLIST_HOST
+              value: http://checklists-backend-service.checklists.svc.cluster.local:80
+            - name: SMTP_PORT
+              value: "465"
+            - name: SYNC_RESOURCE_ID
+              value: "1"
+            - name: TIMEOUT
+              value: "120"
+            - name: WORKFLOWS_HOST
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1
+            - name: WORKFLOWS_TIMEOUT
+              value: "60"
+            - name: DOCUMENTATION_TIMEOUT
+              value: "60"
+            - name: DJANGO_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: token
+                  name: django-secret
+            - name: PG_DB
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: PG_LOGIN
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: PG_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: PG_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: RABBITMQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: rabbitmq-secret
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: rabbitmq-secret
+            - name: RABBITMQ_VHOST
+              valueFrom:
+                secretKeyRef:
+                  key: vhost
+                  name: rabbitmq-secret
+            - name: RABBITMQ_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: rabbitmq-secret
+            - name: RABBITMQ_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: rabbitmq-secret
+
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/flows/base/backend-service.yaml
+++ b/apps/flows/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-svc
+  namespace: flows
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+      protocol: TCP
--- a/apps/flows/base/celery-deployment.yaml
+++ b/apps/flows/base/celery-deployment.yaml
@ -0,0 +1,185 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery
+  namespace: flows
+  labels:
+    app: celery
+    service: celery
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: celery
+  template:
+    metadata:
+      labels:
+        app: celery
+        service: celery
+    spec:
+      containers:
+        - name: celery
+          image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_2a439111
+          imagePullPolicy: IfNotPresent
+          command:
+            - uv
+          args:
+            - run
+            - celery
+            - -A
+            - config
+            - worker
+            - -l
+            - info
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: ADMIN_PANEL_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: admin-secret
+            - name: JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: public_key
+                  name: jwt-secret
+            - name: LOG_LEVEL
+              value: DEBUG
+            - name: BASE_HOST
+              value: https://srx.wb.ru
+            - name: CELERY_QUEUE
+              value: flow
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: DJANGO_HOST
+              value: http://backend.django.svc.cluster.local:8000/api
+            - name: PLANNING_HOST
+              value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
+            - name: PLANNING_USE
+              value: "True"
+            - name: DOCUMENTATION_HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1
+            - name: DOCUMENTATION_EXTERNAL_HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1
+            - name: ENABLE_ANALYTICS
+              value: "1"
+            - name: ENABLE_CELERY
+              value: "1"
+            - name: ENABLE_MAILGUN
+              value: "0"
+            - name: ENABLE_METRICS
+              value: "0"
+            - name: FROM_EMAIL
+              value: sarex@rwb.ru
+            - name: GATEWAY_URL
+              value: http://pdm-api.documentations.svc.cluster.local:8080
+            - name: RESOURCE_URL
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: SERVICE_HOST
+              value: https://srx.wb.ru/flows/api/v1
+            - name: SMTP_HOST
+              value: mail.rwb.ru
+            - name: DOCUMENTATION_PG_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret-documentations
+            - name: DOCUMENTATION_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret-documentations
+            - name: CHECKLIST_HOST
+              value: http://checklists-backend-service.checklists.svc.cluster.local:80
+            - name: SMTP_PORT
+              value: "465"
+            - name: SYNC_RESOURCE_ID
+              value: "1"
+            - name: TIMEOUT
+              value: "120"
+            - name: WORKFLOWS_HOST
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1
+            - name: WORKFLOWS_TIMEOUT
+              value: "60"
+            - name: DOCUMENTATION_TIMEOUT
+              value: "60"
+            - name: DJANGO_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: token
+                  name: django-secret
+            - name: PG_DB
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: PG_LOGIN
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: PG_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: PG_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: RABBITMQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: rabbitmq-secret
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: rabbitmq-secret
+            - name: RABBITMQ_VHOST
+              valueFrom:
+                secretKeyRef:
+                  key: vhost
+                  name: rabbitmq-secret
+            - name: RABBITMQ_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: rabbitmq-secret
+            - name: RABBITMQ_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: rabbitmq-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/flows/base/frontend-deployment.yaml
+++ b/apps/flows/base/frontend-deployment.yaml
@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: flows
+  labels:
+    app: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+        - name: frontend
+          image: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/flows/base/frontend-service.yaml
+++ b/apps/flows/base/frontend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+  namespace: flows
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
--- a/apps/flows/base/kustomization.yaml
+++ b/apps/flows/base/kustomization.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flows
+resources:
+  - namespace.yaml
+  - backend-deployment.yaml
+  - celery-deployment.yaml
+  - frontend-deployment.yaml
+  - backend-service.yaml
+  - frontend-service.yaml
--- a/apps/flows/base/namespace.yaml
+++ b/apps/flows/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flows
+  labels:
+    istio-injection: enabled
--- a/apps/flows/yc-k8s-test/kustomization.yaml
+++ b/apps/flows/yc-k8s-test/kustomization.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+  - postgresql.yaml
+patches: []
--- a/apps/flows/yc-k8s-test/postgresql.yaml
+++ b/apps/flows/yc-k8s-test/postgresql.yaml
@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: flows
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements"
+      databases:
+        - name: flows_db
+          user: flows
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/apps/issues/base/backend-deployment.yaml
+++ b/apps/issues/base/backend-deployment.yaml
@ -0,0 +1,165 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: issues
+  labels:
+    app: backend
+    service: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+        service: backend
+    spec:
+      volumes:
+        - name: production-configmap
+          configMap:
+            name: production-configmap
+            items:
+              - key: production.py
+                path: production.py
+          defaultMode: 420
+      containers:
+        - name: backend
+          image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: ENVIRONMENT
+              value: production
+            - name: AERO_PUBLIC_HOST
+              value: https://srx.wb.ru
+            - name: AERO_HOST
+              value: https://srx.wb.ru
+            - name: BASE_AERO_URL
+              value: https://srx.wb.ru
+            - name: BASE_AUTH_URL
+              value: http://backend.django.svc.cluster.local:8000
+            - name: WORKFLOWS_HOST
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000
+            - name: WORKFLOWS_URL
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000
+            - name: RESOURCES_API_HOST
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: SAREX_API
+              value: https://srx.wb.ru
+            - name: DOCUMENTATIONS_URL
+              value: http://documentations-api.documentations.svc.cluster.local:8080
+            - name: DJANGO_SETTINGS_MODULE
+              value: config.settings.production
+            - name: API_ADDRESS
+              value: "8000"
+            - name: YC_S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: s3-secret
+            - name: YC_S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: s3-secret
+            - name: YC_S3_BUCKET_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: bucket
+                  name: s3-secret
+            - name: YC_S3_ENDPOINT_URL
+              valueFrom:
+                secretKeyRef:
+                  key: host
+                  name: s3-secret
+            - name: DJANGO_BASIC_AUTH
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+            - name: SAREX_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: sarex-auth
+            - name: SAREX_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: sarex-auth
+            - name: DATABASE_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: DATABASE_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: DATABASE_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: RABBITMQ_VHOST
+              valueFrom:
+                secretKeyRef:
+                  key: vhost
+                  name: rabbitmq-secret
+            - name: RABBITMQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: rabbitmq-secret
+            - name: RABBITMQ_HOSTNAME
+              valueFrom:
+                secretKeyRef:
+                  key: host
+                  name: rabbitmq-secret
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: rabbitmq-secret
+            - name: JWT_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: ssh_private.key
+                  name: backend-secret
+            - name: JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: ssh_public.key
+                  name: backend-secret
+
+
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+          volumeMounts:
+            - name: production-configmap
+              mountPath: /src/config/settings/production.py
+              subPath: production.py
+      imagePullSecrets:
+        - name: regcred
--- a/apps/issues/base/backend-service.yaml
+++ b/apps/issues/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-svc
+  namespace: issues
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+      protocol: TCP
--- a/apps/issues/base/celery-deployment.yaml
+++ b/apps/issues/base/celery-deployment.yaml
@ -0,0 +1,165 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery
+  namespace: issues
+  labels:
+    app: celery
+    service: celery
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: celery
+  template:
+    metadata:
+      labels:
+        app: celery
+        service: celery
+    spec:
+      volumes:
+        - name: production-configmap
+          configMap:
+            name: production-configmap
+            items:
+              - key: production.py
+                path: production.py
+          defaultMode: 420
+      containers:
+        - name: celery
+          image: cr.yandex/crp3ccidau046kdj8g9q/issues:production_17c438aa
+          imagePullPolicy: IfNotPresent
+          command: ["celery", "-A", "config", "worker", "-l", "info", "-E"]
+
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: ENVIRONMENT
+              value: production
+            - name: AERO_PUBLIC_HOST
+              value: https://srx.wb.ru
+            - name: AERO_HOST
+              value: https://srx.wb.ru
+            - name: BASE_AERO_URL
+              value: https://srx.wb.ru
+            - name: BASE_AUTH_URL
+              value: http://backend.django.svc.cluster.local:8000
+            - name: WORKFLOWS_HOST
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000
+            - name: WORKFLOWS_URL
+              value: http://workflows-api-service.workflow.svc.cluster.local:8000
+            - name: RESOURCES_API_HOST
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: SAREX_API
+              value: https://srx.wb.ru
+            - name: DOCUMENTATIONS_URL
+              value: http://documentations-api.documentations.svc.cluster.local:8080
+            - name: DJANGO_SETTINGS_MODULE
+              value: config.settings.production
+            - name: API_ADDRESS
+              value: "8000"
+            - name: YC_S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: s3-secret
+            - name: YC_S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: s3-secret
+            - name: YC_S3_BUCKET_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: bucket
+                  name: s3-secret
+            - name: YC_S3_ENDPOINT_URL
+              valueFrom:
+                secretKeyRef:
+                  key: host
+                  name: s3-secret
+            - name: DJANGO_BASIC_AUTH
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+            - name: SAREX_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: sarex-auth
+            - name: SAREX_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: sarex-auth
+            - name: DATABASE_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: DATABASE_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: DATABASE_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: RABBITMQ_VHOST
+              valueFrom:
+                secretKeyRef:
+                  key: vhost
+                  name: rabbitmq-secret
+            - name: RABBITMQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: rabbitmq-secret
+            - name: RABBITMQ_HOSTNAME
+              valueFrom:
+                secretKeyRef:
+                  key: host
+                  name: rabbitmq-secret
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: rabbitmq-secret
+            - name: JWT_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: ssh_private.key
+                  name: backend-secret
+            - name: JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: ssh_public.key
+                  name: backend-secret
+          resources:
+            requests:
+              cpu: "1"
+              memory: 1Gi
+          volumeMounts:
+            - name: production-configmap
+              mountPath: /src/config/settings/production.py
+              subPath: production.py
+      imagePullSecrets:
+        - name: regcred
--- a/apps/issues/base/frontend-deployment.yaml
+++ b/apps/issues/base/frontend-deployment.yaml
@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: issues
+  labels:
+    app: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+        - name: frontend
+          image: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:716a2b73
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/issues/base/frontend-service.yaml
+++ b/apps/issues/base/frontend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+  namespace: issues
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
--- a/apps/issues/base/kustomization.yaml
+++ b/apps/issues/base/kustomization.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: issues
+resources:
+  - namespace.yaml
+  - backend-deployment.yaml
+  - celery-deployment.yaml
+  - frontend-deployment.yaml
+  - backend-service.yaml
+  - frontend-service.yaml
+  - production-configmap.yaml
--- a/apps/issues/base/namespace.yaml
+++ b/apps/issues/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: issues
+  labels:
+    istio-injection: enabled
--- a/apps/issues/base/production-configmap.yaml
+++ b/apps/issues/base/production-configmap.yaml
@ -0,0 +1,140 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: production-configmap
+  namespace: issues
+data:
+  production.py: |
+    from datetime import timedelta
+    import os
+    from .base import *
+
+    # DEBUG SETTINGS START
+    # -----------------------------------------------------------------------------
+    DEBUG = True
+    # -----------------------------------------------------------------------------
+
+    TEST_MODE = False
+
+    # SECRETS SETTINGS START
+    # -----------------------------------------------------------------------------
+    SECRET_KEY = "FromToMuchLoveOfLiving"  # Delete after Test
+    # -----------------------------------------------------------------------------
+
+    DJANGO_TOKEN="aGFnZW4wMTM6emVhbG90MDk2"
+
+    # ALLOWED HOSTS START
+    # -----------------------------------------------------------------------------
+    ALLOWED_HOSTS = ["*"]
+    # -----------------------------------------------------------------------------
+
+    # APPS SETTINGS START
+    # -----------------------------------------------------------------------------
+    # INSTALLED_APPS += [
+    #     "django_extensions",
+    # ]
+    # -----------------------------------------------------------------------------
+
+    # DEBUG SETTINGS START
+    # -----------------------------------------------------------------------------
+    DEBUG = False
+    # -----------------------------------------------------------------------------
+
+    REVIEW_HOST='http://backend-service.flows.svc.cluster.local:8000'
+    # -----------------------------------------------------------------------------
+    # EXTERNAL SERVICES END
+
+    WORKFLOWS_HOST = "http://workflows-api-service.workflow.svc.cluster.local:8000"
+    WORKFLOWS_URL = "http://workflows-api-service.workflow.svc.cluster.local:8000"
+    DOCUMENTATIONS_URL = "http://documentations-api.documentations.svc.cluster.local:8080"
+    RESOURCES_API_HOST = os.getenv("RESOURCES_API_HOST", default="http://resources-service.resources.svc.cluster:8000")
+    KAFKA_HOST = "wb-stage-kafka-bootstrap.kafka.svc.cluster.local:9093" 
+    KAFKA_USERNAME = "sarex" 
+    KAFKA_PASSWORD = "nK36sasvSfoItJnXQ4qxav2OUWIPX5ZC"
+    KAFKA_SSL_CAFILE = os.getenv("KAFKA_SSL_CAFILE", "/usr/local/share/ca-certificates/kafka.crt")
+    KAFKA_EAV_ASSETS_TOPIC = os.getenv("KAFKA_EAV_ASSETS_TOPIC", "sarex")
+    KAFKA_ISSUES_TOPIC = os.getenv("KAFKA_ISSUES_TOPIC", "sarex-issues")
+
+
+    USE_ASYNC_FUNCTIONS = True
+    USE_NOTIFICATIONS = True
+
+    # JWT SETTINGS START
+    # ---------------------------------------------------------------------------------------------------------------------
+    SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer")
+
+    SIMPLE_JWT = {
+        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
+        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
+        "ROTATE_REFRESH_TOKENS": False,
+        "UPDATE_LAST_LOGIN": False,
+
+        "ALGORITHM": "RS512",
+        "SIGNING_KEY": os.getenv("JWT_PRIVATE_KEY", default="").replace("\\n", "\n"),
+        "VERIFYING_KEY": os.getenv("JWT_PUBLIC_KEY").replace("\\n", "\n"),
+        "AUDIENCE": None,
+        "ISSUER": SIMPLE_JWT_ISSUER,
+
+        "AUTH_HEADER_TYPES": ("Bearer",),
+        "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
+        "USER_ID_FIELD": "id",
+        "USER_ID_CLAIM": "user_id",
+
+        "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
+        "TOKEN_TYPE_CLAIM": "token_type",
+
+        "JTI_CLAIM": "jti",
+
+        "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
+        "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
+        "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
+    }
+    # ---------------------------------------------------------------------------------------------------------------------
+
+    CORS_ALLOWED_ORIGINS = [
+        "https://lk.srx.wb.ru:30443",
+    ]
+
+    CORS_TRUSTED_ORIGINS = [
+        "https://lk.srx.wb.ru:30443",
+    ]
+
+    CSRF_TRUSTED_ORIGINS = [
+        "https://lk.srx.wb.ru:30443",
+    ]
+
+    CORS_ALLOW_ALL_ORIGINS = True
+    ENABLE_MAILGUN=False
+    SMTP_PORT=465
+    SMTP_HOST="mail.rwb.ru"
+    EMAIL_FROM="sarex@rwb.ru"
+
+    CORS_ALLOW_METHODS = [
+        "DELETE",
+        "GET",
+        "OPTIONS",
+        "PATCH",
+        "POST",
+        "PUT",
+    ]
+
+    SAREX_API = "https://srx.wb.ru"
+
+    AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API)
+
+    BASE_AERO_URL = "http://backend.django.svc.cluster.local:8000"
+
+    ENVIRONMENT = "production"
+
+    SESSION_COOKIE_NAME = "issues-sessionid"
+    CSRF_COOKIE_NAME = "issues-csrftoken"
+    STATIC_URL = "/static/"
+    STORAGES = {
+        'default': {
+            'BACKEND': "storages.backends.s3boto3.S3Boto3Storage",
+        },
+        'staticfiles': {
+            # Leave whatever setting you already have here, e.g.:
+            'BACKEND': "storages.backends.s3boto3.S3Boto3Storage",
+        }
+    }
--- a/apps/issues/yc-k8s-test/kustomization.yaml
+++ b/apps/issues/yc-k8s-test/kustomization.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+  - postgresql.yaml
+patches: []
--- a/apps/issues/yc-k8s-test/postgresql.yaml
+++ b/apps/issues/yc-k8s-test/postgresql.yaml
@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: issues
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements"
+      databases:
+        - name: issues_db
+          user: issues
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/apps/resources/base/backend-deployment.yaml
+++ b/apps/resources/base/backend-deployment.yaml
@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: resources
+  labels:
+    app: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+    spec:
+      volumes:
+        - name: django-configmap
+          configMap:
+            name: django-configmap
+            items:
+              - key: production.py
+                path: production.py
+          defaultMode: 420
+
+      containers:
+        - name: backend
+          image: cr.yandex/crp3ccidau046kdj8g9q/sarex-resources:prod_d642ef88
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+
+          env:
+            - name: DJANGO_SETTINGS_MODULE
+              value: config.settings.production
+            - name: API_ADDRESS
+              value: "8000"
+            - name: DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: DATABASE_HOST
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: DATABASE_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: DATABASE_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: YC_S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: s3-secret
+            - name: YC_S3_ENDPOINT_URL
+              valueFrom:
+                secretKeyRef:
+                  key: host
+                  name: s3-secret
+            - name: YC_S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: s3-secret
+            - name: YC_S3_BUCKET_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: bucket
+                  name: s3-secret
+
+
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+
+          volumeMounts:
+            - name: django-configmap
+              mountPath: /server/config/settings/production.py
+              subPath: production.py
+
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 10
+            periodSeconds: 60
+            failureThreshold: 10
+
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 20
+
+      imagePullSecrets:
+        - name: regcred
--- a/apps/resources/base/backend-service.yaml
+++ b/apps/resources/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+  namespace: resources
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
--- a/apps/resources/base/django-configmap.yaml
+++ b/apps/resources/base/django-configmap.yaml
@ -0,0 +1,93 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: django-configmap
+  namespace: resources
+data:
+  production.py: |
+    import os
+    from .base import *
+    
+    # DEBUG SETTINGS
+    # -----------------------------------------------------------------------------
+    DEBUG = False
+    # -----------------------------------------------------------------------------
+    
+    # ALLOWED HOSTS
+    # -----------------------------------------------------------------------------
+    ALLOWED_HOSTS = ['*']
+    # -----------------------------------------------------------------------------
+    
+    # SERVICE ACCOUNTS HOST
+    # -----------------------------------------------------------------------------
+    SERVICE_ACCOUNTS_HOST = os.getenv(
+        "SERVICE_ACCOUNTS_HOST", 
+        default="http://backend.django.svc.cluster.local:8000/api/core"
+    )
+    # -----------------------------------------------------------------------------
+    
+    # DATABASE CONFIGURATION
+    # -----------------------------------------------------------------------------
+    POSTGRES_DATABASE = os.getenv("DATABASE_NAME")
+    POSTGRES_USER = os.getenv("DATABASE_USER")
+    POSTGRES_PASSWORD = os.getenv("DATABASE_PASSWORD")
+    POSTGRES_HOST = os.getenv("DATABASE_HOST")
+    POSTGRES_PORT = os.getenv("DATABASE_PORT")
+    
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.contrib.gis.db.backends.postgis",
+            "NAME": POSTGRES_DATABASE,
+            "USER": POSTGRES_USER,
+            "PASSWORD": POSTGRES_PASSWORD,
+            "HOST": POSTGRES_HOST,
+            "PORT": POSTGRES_PORT,
+        }
+    }
+    # -----------------------------------------------------------------------------
+    
+    # CORS SETTINGS
+    SAREX_ADMIN_USERNAME = "hagen013"
+    SAREX_ADMIN_PASSWORD = "zealot096"
+    SAREX_BASE_HOST = "http://backend.django.svc.cluster.local:8000"
+    # -----------------------------------------------------------------------------
+    
+    CORS_ALLOWED_ORIGINS = [
+        "https://localhost:8000",
+        "https://localhost:8080",
+        "https://wb.sarex.ru",
+        "https://wb.sarex.ru.lonsdaleites.ru",
+        "https://srx.wb.ru",
+    ]
+    
+    CSRF_TRUSTED_ORIGINS = [
+        'https://localhost:8000',
+        'https://localhost:8080',
+        'https://wb.sarex.ru',
+        "https://wb.sarex.ru",
+    ]
+    
+    CORS_ALLOW_ALL_ORIGINS = True
+    
+    CORS_ALLOW_METHODS = [
+        "DELETE",
+        "GET",
+        "OPTIONS",
+        "PATCH",
+        "POST",
+        "PUT",
+    ]
+    # -----------------------------------------------------------------------------
+    
+    # STATIC FILES
+    # -----------------------------------------------------------------------------
+    STATIC_ROOT = "/static/"
+    STATIC_URL = "/static/"
+    STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage"
+    # -----------------------------------------------------------------------------
+    
+    # COOKIE SETTINGS
+    # -----------------------------------------------------------------------------
+    SESSION_COOKIE_NAME = "resource-sessionid"
+    CSRF_COOKIE_NAME = "resource-csrftoken"
+    # -----------------------------------------------------------------------------
--- a/apps/resources/base/kustomization.yaml
+++ b/apps/resources/base/kustomization.yaml
@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: resources
+resources:
+  - namespace.yaml
+  - backend-deployment.yaml
+  - backend-service.yaml
+  - django-configmap.yaml
--- a/apps/resources/base/namespace.yaml
+++ b/apps/resources/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: resources
+  labels:
+    istio-injection: enabled
--- a/apps/resources/yc-k8s-test/kustomization.yaml
+++ b/apps/resources/yc-k8s-test/kustomization.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+  - postgresql.yaml
+patches:
+  - path: replicas.yaml
+    target:
+      kind: Deployment
+      name: comparisons
--- a/apps/resources/yc-k8s-test/postgresql.yaml
+++ b/apps/resources/yc-k8s-test/postgresql.yaml
@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: resources
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      resources:
+        requests:
+          memory: 512Mi
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis"
+      databases:
+        - name: resources_db
+          user: resources
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/apps/resources/yc-k8s-test/replicas.yaml
+++ b/apps/resources/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: resources
+spec:
+  replicas: 1
--- a/apps/stamp-verification/base/deployment.yaml
+++ b/apps/stamp-verification/base/deployment.yaml
@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: stamp-verification
+  labels:
+    app: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+        version: stable
+    spec:
+      containers:
+        - name: frontend
+          image: cr.yandex/crp3ccidau046kdj8g9q/stamp-verification-frontend:e11a8f90be462fc325ff99c8c35a8a418815c27b
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+      imagePullSecrets:
+        - name: regcred
--- a/apps/stamp-verification/base/kustomization.yaml
+++ b/apps/stamp-verification/base/kustomization.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: stamp-verification
+resources:
+  - namespace.yaml
+  - deployment.yaml
+  - service.yaml
--- a/apps/stamp-verification/base/namespace.yaml
+++ b/apps/stamp-verification/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: stamp-verification
+  labels:
+    istio-injection: enabled
--- a/apps/stamp-verification/base/service.yaml
+++ b/apps/stamp-verification/base/service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+  namespace: stamp-verification
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
--- a/apps/stamp-verification/yc-k8s-test/kustomization.yaml
+++ b/apps/stamp-verification/yc-k8s-test/kustomization.yaml
@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+patches: []
+#  - path: replicas.yaml
+#    target:
+#      kind: Deployment
+#      name: frontend
--- a/apps/stamp-verification/yc-k8s-test/replicas.yaml
+++ b/apps/stamp-verification/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: stamp-verification
+spec:
+  replicas: 1
--- a/apps/workspaces/base/backend-deployment.yaml
+++ b/apps/workspaces/base/backend-deployment.yaml
@ -0,0 +1,104 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: workspaces-api
+  namespace: workspaces
+  labels:
+    app: workspaces-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: workspaces-api
+  template:
+    metadata:
+      labels:
+        app: workspaces-api
+    spec:
+      containers:
+        - name: workspaces-api
+          image: cr.yandex/crp3ccidau046kdj8g9q/workspaces:prod_4961b1f1
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: POSTGRES_POOL_SIZE
+              value: "3"
+            - name: BUNDLES_RETRY_COUNT
+              value: "5"
+            - name: BUNDLES_NJOBS
+              value: "5"
+            - name: API_ADDRESS
+              value: 0.0.0.0:8000
+            - name: NAMESPACE
+              value: workspaces
+            - name: ENABLE_SQL_QUERY
+              value: "0"
+            - name: ENABLE_SSL
+              value: "0"
+            - name: DOCUMENTATION_HOST
+              value: http://documentations-api.documentations.svc.cluster.local:8080
+            - name: DOCUMENTATION_LOGGER_FEATURE
+              value: "0"
+            - name: DOCUMENTATION_ORIGINATOR
+              value: prod_ws
+            - name: ENVIRONMENT
+              value: prod
+            - name: DJANGO_HOST
+              value: http://backend.django.svc.cluster.local:8000
+            - name: DJANGO_ORIGINATOR
+              value: docs_prod
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  key: database
+                  name: postgresql-secret
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  key: port
+                  name: postgresql-secret
+            - name: POSTGRES_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  key: hostname
+                  name: postgresql-secret
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: postgresql-secret
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: postgresql-secret
+            - name: DJANGO_BASIC_AUTH
+              valueFrom:
+                secretKeyRef:
+                  key: key
+                  name: django-auth
+
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 10
+            periodSeconds: 60
+            failureThreshold: 10
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 20
+      imagePullSecrets:
+        - name: regcred
--- a/apps/workspaces/base/backend-service.yaml
+++ b/apps/workspaces/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+  namespace: workspaces
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
--- a/apps/workspaces/base/frontend-deployment.yaml
+++ b/apps/workspaces/base/frontend-deployment.yaml
@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: workspaces
+  labels:
+    app: frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+        - name: frontend
+          image: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_7f95769f
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 80
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            failureThreshold: 10
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 80
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            failureThreshold: 20
+      imagePullSecrets:
+        - name: regcred
--- a/apps/workspaces/base/frontend-service.yaml
+++ b/apps/workspaces/base/frontend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+  namespace: workspaces
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
--- a/apps/workspaces/base/kustomization.yaml
+++ b/apps/workspaces/base/kustomization.yaml
@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: workspaces
+resources:
+  - namespace.yaml
+  - backend-deployment.yaml
+  - backend-service.yaml
+  - frontend-deployment.yaml
+  - frontend-service.yaml
--- a/apps/workspaces/base/namespace.yaml
+++ b/apps/workspaces/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: workspaces
+  labels:
+    istio-injection: enabled
--- a/apps/workspaces/yc-k8s-test/kustomization.yaml
+++ b/apps/workspaces/yc-k8s-test/kustomization.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+  - postgresql.yaml
+patches:
+  - path: replicas.yaml
+    target:
+      kind: Deployment
+      name: comparisons
--- a/apps/workspaces/yc-k8s-test/postgresql.yaml
+++ b/apps/workspaces/yc-k8s-test/postgresql.yaml
@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: workspaces
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      resources:
+        requests:
+          memory: 512Mi
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements,uuid-ossp"
+      databases:
+        - name: workspaces_db
+          user: workspaces
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/apps/workspaces/yc-k8s-test/replicas.yaml
+++ b/apps/workspaces/yc-k8s-test/replicas.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: workspaces
+spec:
+  replicas: 1
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@ -24,3 +24,12 @@ resources:
  - ../../apps/remarks/yc-k8s-test
  - ../../apps/notes/yc-k8s-test
  - ../../apps/pm/yc-k8s-test
+  - ../../apps/faas/yc-k8s-test
+  - ../../apps/stamp-verification/yc-k8s-test
+  - ../../apps/eav/yc-k8s-test
+  - ../../apps/resources/yc-k8s-test
+  - ../../apps/workspaces/yc-k8s-test
+  - ../../apps/cde/yc-k8s-test
+  - ../../apps/flows/yc-k8s-test
+  - ../../apps/issues/yc-k8s-test
+  - ../../apps/documentations/yc-k8s-test