sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add platform services to yc-k8s-test-02

Browse Source
This commit is contained in:
Kochetkov S 2026-05-28 18:35:00 +03:00
parent 9722733275
commit ae99372ecf
8 changed files with 446 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
View File

@ -5,8 +5,15 @@ resources:
- ../../../infrastructure/istio-pilot - ../../../infrastructure/istio-pilot
- ../../../infrastructure/istio-gateway - ../../../infrastructure/istio-gateway
- ../../../infrastructure/istio-config - ../../../infrastructure/istio-config
- ../../../infrastructure/dashboard
- ../../../infrastructure/local-path-provisioner - ../../../infrastructure/local-path-provisioner
- ../../../infrastructure/minio - ../../../infrastructure/minio
- ../../../infrastructure/rabbitmq
- ../../../infrastructure/kafka
- ../../../infrastructure/redis
- ../../../infrastructure/camunda
- ../../../infrastructure/zitadel
- ../../../infrastructure/keycloak
- ../../../infrastructure/vault - ../../../infrastructure/vault
patches: patches:
- path: ./patches/istio-base.yaml - path: ./patches/istio-base.yaml
@ -37,6 +44,13 @@ patches:
kind: HelmRelease kind: HelmRelease
name: istio-config name: istio-config
namespace: default namespace: default
- path: ./patches/dashboard.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: dashboard
namespace: kubernetes-dashboard
- path: ./patches/local-path-provisioner.yaml - path: ./patches/local-path-provisioner.yaml
target: target:
group: helm.toolkit.fluxcd.io group: helm.toolkit.fluxcd.io
@ -51,6 +65,48 @@ patches:
kind: HelmRelease kind: HelmRelease
name: minio name: minio
namespace: minio namespace: minio
- path: ./patches/rabbitmq.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: rabbitmq
namespace: rabbitmq
- path: ./patches/kafka.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: kafka
namespace: kafka
- path: ./patches/redis.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: redis
namespace: redis
- path: ./patches/camunda.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: camunda
namespace: camunda
- path: ./patches/zitadel.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: zitadel
namespace: zitadel
- path: ./patches/keycloak.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: keycloak
namespace: keycloak
- path: ./patches/vault.yaml - path: ./patches/vault.yaml
target: target:
group: helm.toolkit.fluxcd.io group: helm.toolkit.fluxcd.io

155
clusters/yc-k8s-test-02/infrastructure/patches/camunda.yaml Normal file
View File

@ -0,0 +1,155 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: camunda
namespace: camunda
spec:
interval: 5m
timeout: 15m
values:
global:
vault:
enabled: true
role: camunda
authPath: auth/kubernetes
image:
pullSecrets:
- name: regcred
identity:
auth:
publicIssuerUrl: "https://camunda-keycloak.contour.infra.sarex.tech/auth/realms/camunda-platform"
identity:
redirectUrl: "https://camunda-identity.contour.infra.sarex.tech"
operate:
redirectUrl: "https://camunda-operate.contour.infra.sarex.tech"
tasklist:
redirectUrl: "https://camunda-tasklist.contour.infra.sarex.tech"
optimize:
redirectUrl: "https://camunda-optimize.contour.infra.sarex.tech"
webModeler:
redirectUrl: "https://camunda-web-modeler.contour.infra.sarex.tech"
console:
redirectUrl: "https://camunda-console.contour.infra.sarex.tech"
identityPostgresql:
auth:
usePasswordFiles: true
primary:
automountServiceAccountToken: true
persistence:
size: 10Gi
storageClass: local-path
identityKeycloak:
postgresql:
auth:
usePasswordFiles: true
primary:
automountServiceAccountToken: true
persistence:
size: 10Gi
storageClass: local-path
vaultEnv:
enabled: true
role: camunda
authPath: auth/kubernetes
envFiles:
KEYCLOAK_ADMIN_PASSWORD:
path: secrets/data/camunda/keycloak-admin
key: admin-password
KEYCLOAK_PASSWORD:
path: secrets/data/camunda/keycloak-admin
key: admin-password
KEYCLOAK_DATABASE_PASSWORD:
path: secrets/data/camunda/postgresql
key: password
global:
storageClass: local-path
tolerations: []
postgresql:
auth:
usePasswordFiles: true
primary:
automountServiceAccountToken: true
persistence:
size: 10Gi
storageClass: local-path
elasticsearch:
master:
persistence:
size: 10Gi
storageClass: local-path
tolerations: []
metrics:
enabled: false
serviceMonitor:
enabled: false
prometheusRule:
enabled: false
tolerations: []
camundaCanary:
enabled: false
prometheusServiceMonitor:
enabled: false
console:
image:
pullSecrets:
- name: regcred
tolerations: []
zeebe:
pvcStorageClassName: local-path
image:
pullSecrets:
- name: regcred
tolerations: []
zeebeGateway:
image:
pullSecrets:
- name: regcred
tolerations: []
operate:
image:
pullSecrets:
- name: regcred
serviceAccount:
automountServiceAccountToken: true
tolerations: []
tasklist:
image:
pullSecrets:
- name: regcred
serviceAccount:
automountServiceAccountToken: true
tolerations: []
optimize:
image:
pullSecrets:
- name: regcred
serviceAccount:
automountServiceAccountToken: true
tolerations: []
executionIdentity:
image:
pullSecrets:
- name: regcred
tolerations: []
identity:
image:
pullSecrets:
- name: regcred
tolerations: []
webModeler:
image:
pullSecrets:
- name: regcred
restapi:
tolerations: []
webapp:
tolerations: []
websockets:
tolerations: []
connectors:
image:
pullSecrets:
- name: regcred
serviceAccount:
automountServiceAccountToken: true
tolerations: []

25
clusters/yc-k8s-test-02/infrastructure/patches/dashboard.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: dashboard
namespace: kubernetes-dashboard
spec:
interval: 5m
timeout: 10m
values:
destinationRule:
enabled: true
host: "dashboard-kong-proxy"
tlsMode: "DISABLE"
virtualService:
enabled: false
gateway:
enabled: false
app:
image:
pullSecrets:
- regcred
kong:
image:
pullSecrets:
- regcred

57
clusters/yc-k8s-test-02/infrastructure/patches/kafka.yaml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kafka
namespace: kafka
spec:
interval: 5m
timeout: 10m
values:
global:
imagePullSecrets:
- regcred
defaultStorageClass: local-path
image:
pullSecrets:
- regcred
controller:
replicaCount: 1
automountServiceAccountToken: true
persistence:
size: 8Gi
storageClass: local-path
overrideConfiguration:
offsets.topic.replication.factor: 1
transaction.state.log.replication.factor: 1
transaction.state.log.min.isr: 1
default.replication.factor: 1
min.insync.replicas: 1
broker:
replicaCount: 0
automountServiceAccountToken: true
listeners:
client:
protocol: SASL_SSL
sslClientAuth: "none"
provisioning:
enabled: false
sasl:
managedExistingSecret:
enabled: false
existingSecret: ""
enabledMechanisms: PLAIN,SCRAM-SHA-512
interBrokerMechanism: PLAIN
controllerMechanism: PLAIN
client:
users: []
passwords: ""
tls:
type: PEM
vault:
enabled: true
role: kafka
authPath: auth/kubernetes
secretPath: secrets/data/kafka/bootstrap
clusterIdKey: clusterId
interBrokerPasswordKey: interBrokerPassword
controllerPasswordKey: controllerPassword

49
clusters/yc-k8s-test-02/infrastructure/patches/keycloak.yaml Normal file
View File

@ -0,0 +1,49 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: keycloak
namespace: keycloak
spec:
interval: 5m
timeout: 15m
values:
global:
defaultStorageClass: local-path
imageRegistry: ""
persistence:
enabled: true
storageClass: local-path
size: 10Gi
postgresql:
enabled: false
vaultEnv:
enabled: true
role: keycloak
authPath: auth/kubernetes
envFiles:
KEYCLOAK_ADMIN_PASSWORD:
path: secrets/data/keycloak/admin
key: password
KEYCLOAK_PASSWORD:
path: secrets/data/keycloak/admin
key: password
KEYCLOAK_DATABASE_HOST:
path: secrets/data/keycloak/postgresql
key: host
KEYCLOAK_DATABASE_PORT:
path: secrets/data/keycloak/postgresql
key: port
KEYCLOAK_DATABASE_USER:
path: secrets/data/keycloak/postgresql
key: user
KEYCLOAK_DATABASE_NAME:
path: secrets/data/keycloak/postgresql
key: database
KEYCLOAK_DATABASE_PASSWORD:
path: secrets/data/keycloak/postgresql
key: password
externalDatabase:
host: "postgresql.postgresql.svc.cluster.local"
port: 5432
user: keycloak
database: keycloak

42
clusters/yc-k8s-test-02/infrastructure/patches/rabbitmq.yaml Normal file
View File

@ -0,0 +1,42 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: rabbitmq
namespace: rabbitmq
spec:
interval: 5m
timeout: 10m
values:
global:
security:
allowInsecureImages: true
virtualService: null
gateway: null
certificate: null
metrics:
serviceMonitor:
enabled: false
default:
enabled: false
perObject:
enabled: false
detailed:
enabled: false
extraServiceMonitors: []
replicaCount: 1
resources:
requests:
memory: 1Gi
persistence:
storageClass: local-path
size: 10Gi
auth:
securePassword: true
existingPasswordSecret: ""
vault:
enabled: true
role: rabbitmq
authPath: auth/kubernetes
secretPath: secrets/data/rabbitmq/auth
usernameKey: username
passwordKey: password

27
clusters/yc-k8s-test-02/infrastructure/patches/redis.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: redis
namespace: redis
spec:
interval: 5m
timeout: 10m
values:
global:
defaultStorageClass: local-path
architecture: standalone
auth:
enabled: true
sentinel:
enabled: false
replica:
replicaCount: 0
master:
count: 1
resources:
requests:
memory: 1Gi
limits: {}
persistence:
storageClass: local-path
size: 10Gi

35
clusters/yc-k8s-test-02/infrastructure/patches/zitadel.yaml Normal file
View File

@ -0,0 +1,35 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: zitadel
namespace: zitadel
spec:
interval: 5m
timeout: 10m
values:
postgresqlSecret:
create: false
vault:
enabled: true
role: zitadel
authPath: auth/kubernetes
secretPath: secrets/data/zitadel/postgresql
secretKey: password
zitadel:
configmapConfig:
ExternalDomain: zitadel.contour.infra.sarex.tech
login:
env:
- name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
value: "false"
- name: ZITADEL_DATABASE_POSTGRES_HOST
value: "postgresql.postgresql.svc.cluster.local"
- name: ZITADEL_DATABASE_POSTGRES_PORT
value: "5432"
env:
- name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
value: "false"
- name: ZITADEL_DATABASE_POSTGRES_HOST
value: "postgresql.postgresql.svc.cluster.local"
- name: ZITADEL_DATABASE_POSTGRES_PORT
value: "5432"