From c08493c4dff1055aaf333e23edfcd0d5be00821d Mon Sep 17 00:00:00 2001
From: emelinda
Date: Fri, 17 Apr 2026 13:46:18 +0300
Subject: [PATCH] Add PM app with backend, Celery, services, namespace, ConfigMap, and PostgreSQL configuration in yc-k8s-test
---
 apps/pm/base/backend-configmap.yaml | 30 +++++++
 apps/pm/base/backend-deployment.yaml | 102 +++++++++++++++++++++
 apps/pm/base/backend-service.yaml | 15 ++++
 apps/pm/base/celery-deployment.yaml | 106 ++++++++++++++++++++++
 apps/pm/base/kustomization.yaml | 12 +++
 apps/pm/base/namespace.yaml | 7 ++
 apps/pm/yc-k8s-test/kustomization.yaml | 7 ++
 apps/pm/yc-k8s-test/postgresql.yaml | 113 ++++++++++++++++++++++++
 clusters/yc-k8s-test/kustomization.yaml | 3 +-
 9 files changed, 394 insertions(+), 1 deletion(-)
 create mode 100644 apps/pm/base/backend-configmap.yaml
 create mode 100644 apps/pm/base/backend-deployment.yaml
 create mode 100644 apps/pm/base/backend-service.yaml
 create mode 100644 apps/pm/base/celery-deployment.yaml
 create mode 100644 apps/pm/base/kustomization.yaml
 create mode 100644 apps/pm/base/namespace.yaml
 create mode 100644 apps/pm/yc-k8s-test/kustomization.yaml
 create mode 100644 apps/pm/yc-k8s-test/postgresql.yaml
diff --git a/apps/pm/base/backend-configmap.yaml b/apps/pm/base/backend-configmap.yaml
new file mode 100644
index 0000000..613257c
--- /dev/null
+++ b/apps/pm/base/backend-configmap.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: backend-configmap
+ namespace: pm
+data:
+ uwsgi.ini: |
+ [uwsgi]
+ log-format = {"time": "%(time)", "method": "%(method)", "uri": "%(uri)", "status": "%(status)", "size": "%(size)", "addr": "%(addr)", "user": "%(user)", "proto": "%(proto)", "user_agent": "%(uagent)", "referer": "%(referer)", "trace_id": "%(trace_id)", "span_id": "%(span_id)"}
+ module = config.wsgi:application
+ DJANGO_SETTINGS_MODULE = config.settings.base
+ http = 0.0.0.0:8000
+ processes = 8
+ master = true
+ vacuum = true
+ enable-threads = true
+ buffer-size = 65535
+ stats = :3031
+ stats-http = true
+ memory-report = true
+ lazy-apps = true
+ listen = 1024
+ disable-write-exception= 0
+ harakiri = 300
+ socket-timeout = 300
+ chunked-input-timeout = 300
+ http-timeout = 300
+ worker-reload-mercy = 240
+ mule-reload-mercy = 240
diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml
new file mode 100644
index 0000000..101bfc7
--- /dev/null
+++ b/apps/pm/base/backend-deployment.yaml
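Review bot: `stats = :3031` together with `stats-http = true` in backend-configmap.yaml binds the uWSGI stats server on every pod interface, so any workload that can reach the pod on port 3031 can read worker, memory and request internals without authentication. If only an in-pod exporter reads it, `stats = 127.0.0.1:3031` keeps it local; otherwise the port should be restricted by a NetworkPolicy or a mesh authorization rule. Separately, the JSON `log-format` appears to substitute client-controlled fields (`%(uri)`, `%(uagent)`, `%(referer)`) as plain text, so a quote or backslash in a request header could break or forge fields in the log line; it is worth confirming how the log pipeline parses these records. `DJANGO_SETTINGS_MODULE = config.settings.base` is also not a uWSGI option as far as I can tell; if an environment variable is intended it would be `env = DJANGO_SETTINGS_MODULE=config.settings.base`.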
@@ -0,0 +1,102 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: pm
+ labels:
+ app: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: backend
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 5
+ maxUnavailable: 5
+ template:
+ metadata:
+ labels:
+ app: backend
+ monitoring: prometheus
+ spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - backend
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: backend
+ image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: USERS_INTERNAL_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: RESOURCES_INTERNAL_HOST
+ value: http://resources-service.resources.svc.cluster.local:8000
+ - name: EAV_HOST
+ value: http://eav-service.eav.svc.cluster.local:8000
+ - name: EAV_API_PREFIX
+ value: /api/v0
+ - name: EAV_API_PREFIX_V1
+ value: /api/v1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - name: uwsgi-configmap
+ mountPath: /opt/sarex/uwsgi.ini
+ subPath: uwsgi.ini
+ - name: env-file
+ mountPath: /opt/sarex/.env
+ subPath: .env
+ - name: tmp-volume
+ mountPath: /tmp
+ - name: kafka-cert-volume
+ mountPath: /usr/local/share/ca-certificates
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ failureThreshold: 20
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ - name: uwsgi-configmap
+ configMap:
+ name: backend-configmap
+ defaultMode: 420
+ items:
+ - key: uwsgi.ini
+ path: uwsgi.ini
+ - name: env-file
+ secret:
+ secretName: sarex-env
+ defaultMode: 420
+ - name: kafka-cert-volume
+ configMap:
+ name: kafka-cert
+ defaultMode: 420
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/pm/base/backend-service.yaml b/apps/pm/base/backend-service.yaml
new file mode 100644
index 0000000..69f6c27
--- /dev/null
+++ b/apps/pm/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+ namespace: pm
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml
new file mode 100644
index 0000000..0f20673
--- /dev/null
+++ b/apps/pm/base/celery-deployment.yaml
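Review bot: The `backend` container in backend-deployment.yaml and its pod spec set no `securityContext`, so the container runs with whatever user, capabilities and privilege-escalation defaults the image and runtime provide; the same holds for the `celery` container in celery-deployment.yaml. A container-level block like the one below would close that, with `runAsNonRoot` enabled only once the image is confirmed to run as a non-root user. The `sarex-env` secret is projected with `defaultMode: 420` (0644), which leaves the mounted `.env` readable by every user in the container; a tighter mode paired with a matching `fsGroup` is worth considering. `resources` sets requests but no limits, so a runaway worker is bounded only by the node.

```yaml
      containers:
        - name: backend
          # … unchanged: image, imagePullPolicy, ports, env, resources, volumeMounts, probes …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```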
@@ -0,0 +1,106 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: celery
+ namespace: pm
+ labels:
+ app: celery
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: celery
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 5
+ maxUnavailable: 5
+ template:
+ metadata:
+ labels:
+ app: celery
+ monitoring: prometheus
+ spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - backend
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: celery
+ image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123
+ imagePullPolicy: IfNotPresent
+ command:
+ - celery
+ - -A
+ - config
+ - worker
+ - -B
+ - -l
+ - info
+ - -E
+ - -Q
+ - pm
+ - -n
+ - default_worker.%h
+ - --concurrency=2
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PLANNING_HOST
+ value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
+ - name: PLANNING_USE
+ value: "True"
+ - name: USERS_INTERNAL_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: RESOURCES_INTERNAL_HOST
+ value: http://resources-service.resources.svc.cluster.local:8000
+ - name: EAV_HOST
+ value: http://eav-service.eav.svc.cluster.local:8000
+ - name: EAV_API_PREFIX
+ value: /api/v0
+ - name: EAV_API_PREFIX_V1
+ value: /api/v1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - name: uwsgi-configmap
+ mountPath: /opt/sarex/uwsgi.ini
+ subPath: uwsgi.ini
+ - name: env-file
+ mountPath: /opt/sarex/.env
+ subPath: .env
+ - name: tmp-volume
+ mountPath: /tmp
+ - name: kafka-cert-volume
+ mountPath: /usr/local/share/ca-certificates
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ - name: uwsgi-configmap
+ configMap:
+ name: backend-configmap
+ defaultMode: 420
+ items:
+ - key: uwsgi.ini
+ path: uwsgi.ini
+ - name: env-file
+ secret:
+ secretName: sarex-env
+ defaultMode: 420
+ - name: kafka-cert-volume
+ configMap:
+ name: kafka-cert
+ defaultMode: 420
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/pm/base/kustomization.yaml b/apps/pm/base/kustomization.yaml
new file mode 100644
index 0000000..0d108dc
--- /dev/null
+++ b/apps/pm/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: pm
+resources:
+ - namespace.yaml
+# - backend-deployment.yaml
+ - backend-service.yaml
+# - celery-deployment.yaml
+# - redis-deployment.yaml
+# - redis-service.yaml
+ - backend-configmap.yaml
diff --git a/apps/pm/base/namespace.yaml b/apps/pm/base/namespace.yaml
new file mode 100644
index 0000000..2c1e797
--- /dev/null
+++ b/apps/pm/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: pm
+ labels:
+ istio-injection: enabled
diff --git a/apps/pm/yc-k8s-test/kustomization.yaml b/apps/pm/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..5ee3750
--- /dev/null
+++ b/apps/pm/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+# - postgresql.yaml
+patches: []
diff --git a/apps/pm/yc-k8s-test/postgresql.yaml b/apps/pm/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..4d670e3
--- /dev/null
+++ b/apps/pm/yc-k8s-test/postgresql.yaml
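Review bot: The `podAntiAffinity` selector in celery-deployment.yaml matches `app: backend` while the pods are labelled `app: celery`, so the rule keeps celery off nodes that run a backend pod instead of spreading celery replicas; if spreading was intended the value should be `- celery`. The worker is started with `-B`, which embeds the beat scheduler in every replica, so raising `replicas` above 1 would run periodic tasks more than once; a separate single-replica beat Deployment avoids that. The container also declares `containerPort: 8000` and mounts `uwsgi.ini` although the command starts no HTTP server, and it has no liveness probe. Dropping the unused port and mount keeps the pod's surface to what the worker needs.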
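Review bot: `backend-deployment.yaml` and `celery-deployment.yaml` are added by this commit but commented out of `resources` in apps/pm/base/kustomization.yaml, so only the namespace, Service and ConfigMap are applied and `backend-service` selects no pods. The `redis-*` entries name files that are not part of this commit, and apps/pm/yc-k8s-test/kustomization.yaml likewise comments out `postgresql.yaml`. A short comment above each disabled entry, for example `# disabled: <reason>; enable in <follow-up change>`, would tell the next reader whether this is staging for a later rollout or an oversight.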
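Review bot: The `pm` namespace in namespace.yaml carries only `istio-injection: enabled` and no Pod Security Admission labels, so nothing at the namespace level rejects a privileged or host-namespace pod. If the cluster uses Pod Security Admission, starting with `pod-security.kubernetes.io/warn: baseline` under `labels` and moving to `enforce` after testing would add that guard; sidecar injection without the Istio CNI plugin needs extra capabilities in its init container, which is why a warn-first rollout is safer. No NetworkPolicy or Istio authorization resource is added for the namespace in this commit, so reachability of the backend port and the uWSGI stats port depends on cluster-wide defaults.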
@@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: pm
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ resources:
+ requests:
+ memory: 512Mi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements,ltree"
+ databases:
+ - name: pm_db
+ user: pm
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index 7db396f..bd67acc 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -22,4 +22,5 @@ resources:
 - ../../apps/inspections/yc-k8s-test
 - ../../apps/system-log/yc-k8s-test
 - ../../apps/remarks/yc-k8s-test
- - ../../apps/notes/yc-k8s-test
\ No newline at end of file
+ - ../../apps/notes/yc-k8s-test
+ - ../../apps/pm/yc-k8s-test
\ No newline at end of file
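Review bot: In postgresql.yaml, `allowInsecureImages: true` and `readOnlyRootFilesystem: false` both relax hardening that the chart presumably applies by default, and neither carries a comment saying why. The image is referenced by the mutable tag `17.0.2` with `pullPolicy: Always`, so a re-pushed tag is picked up on the next pod restart; if the chart exposes a digest value, pinning `digest: sha256:<digest of the reviewed image>` removes that. The `username`, `database`, `adminUser` and `adminPasswordSecretKey` values are empty strings while the probes hard-code `-U "sarex"`, and no existing secret is named next to `userPasswordKey`, so this file does not show where the database password comes from; an explicit secret reference or a comment would settle it. The file also lacks the leading `---` that the other manifests in this commit have.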