diff --git a/apps/bim/yc-k8s-test/postgresql.yaml b/apps/bim/yc-k8s-test/postgresql.yaml
index bb424a6..0b8eea0 100644
--- a/apps/bim/yc-k8s-test/postgresql.yaml
+++ b/apps/bim/yc-k8s-test/postgresql.yaml
@@ -44,7 +44,7 @@ spec:
 image:
 registry: cr.yandex/crp3ccidau046kdj8g9q
 repository: contour/postgresql
- tag: 17.0.2
+ tag: 13.0.7
 pullPolicy: Always
 metrics:
 enabled: false
diff --git a/apps/django/base/backend-deployment.yaml b/apps/django/base/backend-deployment.yaml
new file mode 100644
index 0000000..0d417aa
--- /dev/null
+++ b/apps/django/base/backend-deployment.yaml
@@ -0,0 +1,251 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: django + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/backend:production_a96dead0 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ALLOWED_HOSTS + value: '*' + - name: SERVER_USE_CHANGELOG + value: "0" + - name: SERVER_ZITADEL_ENABLED + value: "False" + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: CELERY_REDIS_HOST + value: redis-service + - name: CELERY_REDIS_PORT + value: "6379" + - name: DJANGO_REDIS_HOST + value: redis-service + - name: DJANGO_REDIS_PORT + value: "6379" + - name: BIMV2_INTERNAL_HOST + value: http://bim-backend-v2-service.bim-api + - name: BIMV2_TIMEOUT + value: "60" + - name: JWT_KID + value: "1" + - name: PDM_SYNC + value: "1" + - name: KC_SYNC_ENABLE + value: "0" + - name: MEASUREMENTS_HOST + value: http://measurements-service.measurements.svc.cluster.local:8000/api + - name: MEASUREMENTS_USE_MEASUREMENTS + value: "1" + - name: SERVER_API_HOST + value: https://wb.sarex.io + - name: SERVER_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_BASE_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_USE + value: "1" + - name: SERVER_S3_STREAM_IMPORT + value: "1" + - name: SERVER_SAVE_DIFF_DEM + value: "1" + - name: SERVER_USE_CLICKHOUSE + value: "0" + - name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK + value: "0" + - name: SERVER_USE_DJANGO_STORAGE + value: "1" + - name: SERVER_USE_METASHAPE + value: "0" + - name: SERVER_CHANGELOG_MODE_SYSTEM_LOG + 
value: "1" + - name: SERVER_CHANGELOG_MODE + value: "0" + - name: SERVER_DJANGO_URLS + value: "1" + - name: CHECK_IMPORT_HASH + value: "1" + - name: EAV_ENABLE + value: "1" + - name: SERVER_CHECK_IMPORT_HASH + value: "1" + - name: SERVER_CHUNKED_PATH + value: /tmp/chunked_uploads/%Y/%m/%d + - name: SERVER_HIDE_USER_SCROLL_PERMISSIONS + value: "0" + - name: SERVER_USE_WRORKFLOW_STATUS + value: "1" + - name: ZITADEL_HOST + value: https://zitadel-srx.wb.ru + - name: ZITADEL_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: access_token + name: zitadel-secret + - name: SERVER_KAFKA_ENABLED + value: "False" + - name: KAFKA_TOPICS + value: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' + - name: KAFKA_BOOTSTRAP_SERVERS + value: '["wb-prod-kafka-bootstrap.kafka.svc.cluster.local:9093"]' + - name: KAFKA_SECURITY_PROTOCOL + value: SSL + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: KAFKA_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/kafka.crt + - name: AWS_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: S3_HOST + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: DJANGO_POSTGRES_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DJANGO_POSTGRES_PORTS + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DJANGO_POSTGRES_USER + valueFrom: + 
secretKeyRef: + key: username + name: postgresql-secret + - name: DJANGO_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DJANGO_RABBIT_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: DJANGO_RABBIT_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: DJANGO_RABBIT_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: DJANGO_RABBIT_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + - name: S3_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: S3_LOGIN + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: KC_USE_REDIRECT_LOGOUT + value: "False" + + + + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: django-configmap + mountPath: /opt/sarex/config/settings/production.py + subPath: production.py + imagePullSecrets: + - name: regcred diff --git a/apps/django/base/backend-service.yaml b/apps/django/base/backend-service.yaml new file mode 100644 index 0000000..f46fcaf --- /dev/null +++ b/apps/django/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: django +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/django/base/celery-deployment.yaml b/apps/django/base/celery-deployment.yaml new file mode 100644 index 0000000..fde3700 --- /dev/null +++ b/apps/django/base/celery-deployment.yaml 
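Review bot: The `backend` container in backend-deployment.yaml has no `securityContext`, no `resources.limits` and no readiness or liveness probe, so it runs with the image's default user and privileges and its memory use is unbounded. I would add a container-level `securityContext` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` (assuming the image can run as a non-root user), and `limits` next to the existing `requests`. The same gap is present in celery-deployment.yaml and frontend-deployment.yaml further down. Separately, `ALLOWED_HOSTS` is set to `'*'`, which turns off Django's Host-header validation; listing the hostnames actually served would be tighter.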
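Review bot: The Service added in backend-service.yaml is named `backend-svc` and listens on port 80, but the processing manifests in this same diff set `DJANGO_HOST` to `http://backend.django.svc.cluster.local:8000` (api-deployment.yaml, engine-low.yaml, engine.yaml). Unless a Service called `backend` exposing port 8000 exists outside this diff, that name will not resolve. Either point the callers at `http://backend-svc.django.svc.cluster.local`, or rename the Service to `backend` and set `port: 8000`.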
@@ -0,0 +1,250 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: django + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/backend:production_a96dead0 + imagePullPolicy: IfNotPresent + command: ["celery", "-A", "config", "worker", "-B", "-l", "info", "-E", "-Q", "default", "-n", "default_worker.%h", "--concurrency=2"] + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ALLOWED_HOSTS + value: '*' + - name: SERVER_USE_CHANGELOG + value: "0" + - name: SERVER_ZITADEL_ENABLED + value: "False" + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: CELERY_REDIS_HOST + value: redis-service + - name: CELERY_REDIS_PORT + value: "6379" + - name: DJANGO_REDIS_HOST + value: redis-service + - name: DJANGO_REDIS_PORT + value: "6379" + - name: BIMV2_INTERNAL_HOST + value: http://bim-backend-v2-service.bim-api + - name: BIMV2_TIMEOUT + value: "60" + - name: JWT_KID + value: "1" + - name: PDM_SYNC + value: "1" + - name: KC_SYNC_ENABLE + value: "0" + - name: MEASUREMENTS_HOST + value: http://measurements-service.measurements.svc.cluster.local:8000/api + - name: MEASUREMENTS_USE_MEASUREMENTS + value: "1" + - name: SERVER_API_HOST + value: https://wb.sarex.io + - name: SERVER_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_BASE_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_USE + value: "1" + - name: SERVER_S3_STREAM_IMPORT + value: "1" + - name: SERVER_SAVE_DIFF_DEM + value: "1" + - name: SERVER_USE_CLICKHOUSE + value: "0" + - name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK + value: "0" + - 
name: SERVER_USE_DJANGO_STORAGE + value: "1" + - name: SERVER_USE_METASHAPE + value: "0" + - name: SERVER_CHANGELOG_MODE_SYSTEM_LOG + value: "1" + - name: SERVER_CHANGELOG_MODE + value: "0" + - name: SERVER_DJANGO_URLS + value: "1" + - name: CHECK_IMPORT_HASH + value: "1" + - name: EAV_ENABLE + value: "1" + - name: SERVER_CHECK_IMPORT_HASH + value: "1" + - name: SERVER_CHUNKED_PATH + value: /tmp/chunked_uploads/%Y/%m/%d + - name: SERVER_HIDE_USER_SCROLL_PERMISSIONS + value: "0" + - name: SERVER_USE_WRORKFLOW_STATUS + value: "1" + - name: ZITADEL_HOST + value: https://zitadel-srx.wb.ru + - name: ZITADEL_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: access_token + name: zitadel-secret + - name: SERVER_KAFKA_ENABLED + value: "False" + - name: KAFKA_TOPICS + value: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' + - name: KAFKA_BOOTSTRAP_SERVERS + value: '["wb-prod-kafka-bootstrap.kafka.svc.cluster.local:9093"]' + - name: KAFKA_SECURITY_PROTOCOL + value: SSL + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: KAFKA_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/kafka.crt + - name: AWS_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: S3_HOST + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: DJANGO_POSTGRES_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: 
DJANGO_POSTGRES_PORTS + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DJANGO_POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DJANGO_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DJANGO_RABBIT_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: DJANGO_RABBIT_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: DJANGO_RABBIT_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: DJANGO_RABBIT_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + - name: S3_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: S3_LOGIN + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: KC_USE_REDIRECT_LOGOUT + value: "False" + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: django-configmap + mountPath: /opt/sarex/config/settings/production.py + subPath: production.py + imagePullSecrets: + - name: regcred diff --git a/apps/django/base/django-configmap.yaml b/apps/django/base/django-configmap.yaml new file mode 100644 index 0000000..58d0bce --- /dev/null +++ b/apps/django/base/django-configmap.yaml 
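Review bot: The celery container's `command` passes `-B`, which embeds the beat scheduler in the worker process, so every replica runs its own scheduler and raising `replicas` above 1 would fire each periodic task once per pod. A separate single-replica beat Deployment would avoid that; at minimum a comment next to `replicas: 1` such as `# must stay 1: worker runs embedded beat (-B)` would guard against an accidental scale-up. The worker also declares `containerPort: 8000` although the command shown starts no HTTP server, which looks like a leftover from the backend manifest.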
@@ -0,0 +1,281 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: django +data: + production.py: | + import os + from .base import * + from logging.handlers import SysLogHandler + from datetime import timedelta + + ALLOWED_HOSTS = ["*"] + FILE_UPLOAD_PERMISSIONS = 0o644 + DEBUG = False + CSRF_COOKIE_SECURE = True + CSRF_TRUSTED_ORIGINS = ["https://lk.srx.wb.ru:30443", "https://lk.srx.wb.ru"] + SESSION_COOKIE_SECURE = True + SECURE_SSL_REDIRECT = False + + SECRET_KEY = 't2=9+($2f%7ptsdy4!rby$)mcfl1l%o2e@vs^d(g&(wwi&%k1v' + + CORS_ORIGIN_ALLOW_ALL = True + SERVERSETTINGS.cache_enabled = True + INSTALLED_APPS = list(INSTALLED_APPS) + ['corsheaders'] + + CORS_ALLOW_METHODS = ( + 'DELETE', + 'GET', + 'OPTIONS', + 'PATCH', + 'POST', + 'PUT', + ) + BASIC_USER_ID = 2 + + CORS_ALLOW_HEADERS = ( + 'accept', + 'accept-encoding', + 'authorization', + 'content-type', + 'user-agent', + 'x-csrftoken', + 'x-requested-with', + 'x-token', + 'Bearer', + ) + + HOST = "https://wb.sarex.io" + + POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE') + POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER') + POSTGRES_PASSWORD = os.environ.get('DJANGO_POSTGRES_PASSWORD') + POSTGRES_HOST = os.environ.get('DJANGO_POSTGRES_HOST') + POSTGRES_PORTS = os.environ.get('DJANGO_POSTGRES_PORTS', "5432") + + DATABASES = { + 'default': { + 'ENGINE': 'django_prometheus.db.backends.postgresql', + 'NAME': POSTGRES_DATABASE, + 'USER': POSTGRES_USER, + 'PASSWORD': POSTGRES_PASSWORD, + 'HOST': POSTGRES_HOST, + 'PORT': POSTGRES_PORTS, + } + } + + LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'filters': { + 'require_debug_false': { + '()': 'django.utils.log.RequireDebugFalse', + } + }, + 'formatters': { + 'verbose': { + 'format': '[contactor] %(levelname)s %(asctime)s %(message)s', + }, + }, + 'handlers': { + 'console': { + 'level': 'DEBUG', + 'class': 'logging.StreamHandler', + }, + 'sentry': { + 'level': 'ERROR', + 'filters': 
['require_debug_false'], + 'class': 'logging.StreamHandler', + }, + }, + 'loggers': { + '': { + 'handlers': ['console', 'sentry'], + 'level': 'INFO', + 'propagate': False, + }, + } + } + + COMPARATOR_JWT = os.environ.get("COMPARATOR_JWT", "default_jwt") + COMPARATOR_URL = os.environ.get("COMPARATOR_URL", "https://wb.sarex.io/comparator") + COMPARATOR_SECTION = os.environ.get("COMPARATOR_SECTION", "sarex-production-storage") + + SIMPLE_JWT = { + 'ACCESS_TOKEN_LIFETIME': timedelta(hours=1), + 'REFRESH_TOKEN_LIFETIME': timedelta(days=1), + 'ROTATE_REFRESH_TOKENS': False, + 'BLACKLIST_AFTER_ROTATION': True, + 'UPDATE_LAST_LOGIN': False, + 'ALGORITHM': 'RS512', + 'SIGNING_KEY': os.environ.get("JWT_PRIVATE_KEY").replace("\\n", "\n"), + 'VERIFYING_KEY': os.environ.get("JWT_PUBLIC_KEY").replace("\\n", "\n"), + 'AUDIENCE': None, + 'ISSUER': os.environ.get('SIMPLE_JWT_ISSUER', 'default_issuer'), + 'AUTH_HEADER_TYPES': ('Bearer',), + 'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION', + 'USER_ID_FIELD': 'id', + 'USER_ID_CLAIM': 'user_id', + 'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',), + 'TOKEN_TYPE_CLAIM': 'token_type', + 'JTI_CLAIM': 'jti', + 'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp', + 'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5), + 'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1), + } + + os.environ["DJANGO_ALLOW_ASYNC_UNSAFE"] = "true" + DEFAULT_FILE_STORAGE = 'sarex.core.storages.CustomS3Boto3Storage' + DATA_UPLOAD_MAX_MEMORY_SIZE = 268435456 + + if not os.environ.get('ISOLATED', False): + import sentry_sdk + from sentry_sdk.integrations.django import DjangoIntegration + + sentry_sdk.init( + dsn="https://3df2f4b8d3d14595a06c92e9d7c562cb@sentry.io/1501541", + integrations=[DjangoIntegration()], + environment=os.environ.get('SENTRY_ENVIRONMENT', 'production'), + send_default_pii=True, + ) + + COMPARISON_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/comparisons" + DOCUMENTATION_API_URL = 
f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/documentations" + PDM_FILES_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/files" + + WORKFLOWS_TASKS = { + "update_orthomosaic_data": { + "image": f"{os.environ.get('WORKFLOWSSETTINGS_REGISTRY')}/update-orthomosaic-data:dev", + "service_requests": ["django-auth"], + "backoff_limit": 3, + }, + } + + REST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': ( + 'rest_framework.pagination.LimitOffsetPagination' ), + 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema', + 'PAGE_SIZE': 1000, 'DEFAULT_FILTER_BACKENDS': [ + 'django_filters.rest_framework.DjangoFilterBackend' ], + 'DEFAULT_AUTHENTICATION_CLASSES': [ + 'sarex.authentication.backends.ZitadelJWTAuthentication', + 'rest_framework.authentication.RemoteUserAuthentication', + 'rest_framework_simplejwt.authentication.JWTAuthentication', + 'rest_framework.authentication.BasicAuthentication', + 'rest_framework.authentication.SessionAuthentication', + 'sarex.authentication.backends.JWTAuthentication' ], + 'DEFAULT_PERMISSION_CLASSES': [ + 'rest_framework.permissions.IsAuthenticated', ] } + + AUTHENTICATION_BACKENDS = [ + 'sarex.authentication.backends.CustomRemoteUserBackend', + 'django.contrib.auth.backends.ModelBackend', + 'guardian.backends.ObjectPermissionBackend', + ] + + MIDDLEWARE = [ + 'django_prometheus.middleware.PrometheusBeforeMiddleware', + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + #'django_keycloak.middlewares.AuthorizationHeaderMiddleware', + #'django_keycloak.middlewares.KeycloakSessionMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + #'django.contrib.auth.middleware.RemoteUserMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'django_user_agents.middleware.UserAgentMiddleware', + 
'simple_history.middleware.HistoryRequestMiddleware', + 'django_prometheus.middleware.PrometheusAfterMiddleware', ] + + + class KeyCloakSettings(BaseSettings): + client_id: str = "client_id" + client_secret: str = "client_secret" + discovery_url: str = "https://login.wb.sarex.io/realms/sarex/.well-known/openid-configuration" + staff: Optional[str] = "Sarex staff" + superuser: Optional[str] = "Sarex superusers" + sync_with_django: bool = True + sync_admin: bool = False + group_prefix: str = 'Sarex-Role' + company_prefix: str = 'Sarex-Company' + department_prefix: str = 'Sarex-Department' + position_prefix: str = 'Sarex-Position' + separator: str = '__' + sync_user_groups: bool = False + sync_user_positions: bool = False + sync_user_departments: bool = False + sync_user_companies: bool = False + use_redirect_logout: bool = False + logout_redirect_uri: str = "/" + default_group_name: Optional[str] = 'Тест' + default_company_name: Optional[str] = 'Брусника' + trusted_uri: List[str] = ['/api/core/orthophotos/', '/api/token', '/api/token/me'] + trusted_uri: List[str] = [] + + class Config: + env_prefix = "KC_" + + + KEYCLOAKSETTINGS = KeyCloakSettings() + + REMOTE_USER_DEFAULT_COMPANY_ID = 1 + SAREX_MODULES = [ + { + "name": "Замечания", + "uri": "/remarks" + }, + # { + # "name": "Управление проектами", + # "uri": "/management/projects", + # }, + { + "name": "Замечания V2", + "uri": "/issues" + }, + { + "name": "Документация", + "uri": "/documentations", + }, + { + "name": "Согласование документов", + "uri": "/reviews" + }, + { + "name": "Рабочие процессы", + "uri": "/processes" + }, + { + "name": "Запросы", + "uri": "/rfi" + }, + # { + # "name": "Обзор", + # "uri": "/projects" + # }, + { + "name": "Передача документации", + "uri": "/transmittal" + }, + ] + AUTH_SETTINGS = { + "refresh_token": False, + "refresh_token_uri": "/api/token/me", + "refresh_oauth_token": True, + "refresh_oauth_token_uri": "/oauth/token", + "refresh_time": 240, + } + + + DEBUG=True + 
#WEB_APP_AUTH_MODE='jwt-session-based' + + + SAREX_MODULES_SETTINGS = { + "aero": { + "enable_new_media": True + }, + "sso_logout_redirect": True + } + diff --git a/apps/django/base/frontend-deployment.yaml b/apps/django/base/frontend-deployment.yaml new file mode 100644 index 0000000..713eaa7 --- /dev/null +++ b/apps/django/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: django + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_0b579274 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/django/base/frontend-service.yaml b/apps/django/base/frontend-service.yaml new file mode 100644 index 0000000..ab9f927 --- /dev/null +++ b/apps/django/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: django +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/django/base/kustomization.yaml b/apps/django/base/kustomization.yaml new file mode 100644 index 0000000..3d5e168 --- /dev/null +++ b/apps/django/base/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: django +resources: + - namespace.yaml + - backend-deployment.yaml + - celery-deployment.yaml + - frontend-deployment.yaml + - backend-service.yaml + - frontend-service.yaml + - django-configmap.yaml diff --git a/apps/django/base/namespace.yaml b/apps/django/base/namespace.yaml new file mode 100644 index 0000000..33478ea --- /dev/null +++ b/apps/django/base/namespace.yaml 
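Review bot: `SECRET_KEY` is written as a literal in `production.py` inside a ConfigMap, so the Django signing key is stored in git and readable by anything that can read ConfigMaps in the namespace; it should come from a Secret like the other credentials, e.g. `SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]` (the variable name is a placeholder), and the committed value should be treated as exposed and rotated. Near the end of the file `DEBUG=True` overrides the earlier `DEBUG = False`, which enables debug error pages in a settings module named production and should be removed. `CORS_ORIGIN_ALLOW_ALL = True` and `send_default_pii=True` on the Sentry client also deserve a deliberate decision rather than a default. In `KeyCloakSettings`, `trusted_uri` is assigned twice and the second, empty list wins.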
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: django
+ labels:
+ istio-injection: enabled
diff --git a/apps/django/yc-k8s-test/kustomization.yaml b/apps/django/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/django/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/django/yc-k8s-test/postgresql.yaml b/apps/django/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..ffb1a1b
--- /dev/null
+++ b/apps/django/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: django +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: sarex_db + 
user: sarex + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/processing/base/api-deployment.yaml b/apps/processing/base/api-deployment.yaml new file mode 100644 index 0000000..8ac0f41 --- /dev/null +++ b/apps/processing/base/api-deployment.yaml @@ -0,0 +1,84 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflows-api + namespace: processing + labels: + app: workflows-api + service: workflows-api +spec: + replicas: 1 + selector: + matchLabels: + app: workflows-api + template: + metadata: + labels: + app: workflows-api + service: workflows-api + spec: + containers: + - name: workflows-api + image: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_9ae8865a + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: POSTGRES_POOL_SIZE + value: "3" + - name: HTTP_HOST + value: 0.0.0.0:8080 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3/yc-s3-service-account.json + - name: ENABLE_SQL_QUERY + value: "0" + - name: POSTGRES_SSL_USE + value: "0" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PUBLIC_KEY + valueFrom: + secretKeyRef: + key: key + name: public-key + + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred 
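Review bot: Two hardening defaults are relaxed in `values` without explanation: `allowInsecureImages: true` under `security` and `readOnlyRootFilesystem: false` under `containerSecurityContext`. A comment above each saying why it is needed, for example `# custom registry image, not a chart-verified one`, would let a later reviewer tell a requirement from a leftover. The image is also pulled by mutable tag with `pullPolicy: Always`, so the running binary can change without a commit; pinning by digest, if the chart exposes an image digest value, would close that. The exact nesting of these keys cannot be checked on this page because the indentation was lost.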
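Review bot: In api-deployment.yaml `HTTP_HOST` is `0.0.0.0:8080` while the container declares `containerPort: 8000`, so one of the two is likely wrong; if the process binds 8080, a Service targeting 8000 will not reach it. `S3_SERVICE_ACCOUNT` points at `/etc/sarex/yc-s3/yc-s3-service-account.json`, but this Deployment has no `volumes` or `volumeMounts`, so the file will be absent unless it is baked into the image. The container also has no `securityContext` or resource limits.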
diff --git a/apps/processing/base/api-service.yaml b/apps/processing/base/api-service.yaml
new file mode 100644
index 0000000..6b29d65
--- /dev/null
+++ b/apps/processing/base/api-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-svc
+ namespace: processing
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/processing/base/engine-low.yaml b/apps/processing/base/engine-low.yaml
new file mode 100644
index 0000000..7d66b95
--- /dev/null
+++ b/apps/processing/base/engine-low.yaml
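Review bot: This Service in the `processing` namespace is named `backend-svc` and selects `app: backend`, but no workload in the processing manifests shown carries that label; api-deployment.yaml labels its pods `app: workflows-api`. As written the Service would have no endpoints. It looks copied from apps/django/base/backend-service.yaml; I would expect something like `name: workflows-api` with `app: workflows-api` in the selector, and a `targetPort` matching whichever port the API actually binds.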
@@ -0,0 +1,241 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: engine-low + namespace: processing + labels: + app: engine-low + service: engine-low +spec: + replicas: 1 + selector: + matchLabels: + app: engine-low + template: + metadata: + labels: + app: engine-low + service: engine-low + spec: + volumes: + - name: yc-s3 + secret: + defaultMode: 420 + secretName: yc-s3 + - name: django-auth + secret: + defaultMode: 420 + secretName: django-auth + - name: smtp-secret + secret: + defaultMode: 420 + secretName: smtp-secret + containers: + - name: engine-low + image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: POSTGRES_POOL_SIZE + value: "20" + - name: ENVIRONMENT + value: prod + - name: WORKFLOWS_SENTRY_DSN + value: https://866b532efdbb4764a7551b76231232fc@o279218.ingest.sentry.io/543123 + - name: WORKFLOWS_SENTRY_DEBUG + value: "0" + - name: API_ADDRESS + value: 0.0.0.0:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3/yc-s3-service-account.json + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + - name: RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: 
database + name: postgresql-secret + - name: BIM_API_V2_DB + value: /etc/sarex/bim-api-v2-db-prod.json + - name: PDM_API_DB + value: /etc/pdm/pdm-api-db-prod.json + - name: WORKSPACE_API_DB + value: /etc/ws/ws-api-db-prod.json + - name: ISSUE_API_DB + value: /etc/issues/issue-api-db-prod.json + - name: MAILGUN + value: /etc/mailgun-secret/env.json + - name: SMTP + value: /etc/smtp-secret/smtp.json + - name: INTERNAL_PDM_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: INTERNAL_FILESTREAM_URL + value: http://documentations-filestream.documentations.svc.cluster.local:8080 + - name: EXTERNAL_PDM_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: EXTERNAL_FILESTREAM_URL + value: http://documentations-filestream-service.documentations.svc.cluster.local:8080 + - name: RESOURCES_API_INTERNAL_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_S3_STORAGE + value: "1" + - name: ENABLE_S3V2_STORAGE + value: "1" + - name: ENABLE_PDM_STORAGE + value: "1" + - name: ENABLE_SMTP + value: "1" + - name: ENABLE_URL_STORAGE + value: "1" + - name: ENABLE_SRX_TMP + value: "1" + - name: ENABLE_BIM_API_V2_DB + value: "1" + - name: ENABLE_WORKSPACE_API_DB + value: "1" + - name: ENABLE_ISSUE_API_DB + value: "1" + - name: ENABLE_RESOURCES_API + value: "1" + - name: ENABLE_PDM_API_DB + value: "1" + - name: ENABLE_COMPARISONS_API_DB + value: "1" + - name: ENABLE_MAIL_GUN + value: "1" + - name: ENABLE_AMQP_EXECUTOR + value: "0" + - name: ENABLE_KUBERNETES_EXECUTOR + value: "1" + - name: MAX_WORKFLOWS_LIMIT + value: "5" + - name: CPU_COUNT + value: "1" + - name: MEMORY_GI + value: "1" + - name: CPU_COUNT_LOW_RESOURCES + value: "1" + - name: MEMORY_GI_LOW_RESOURCES + value: "1" + - name: CPU_COUNT_HIGH_MEM + value: "1" + - name: MEMORY_GI_HIGH_MEM + value: "1" 
+ - name: COUNT_RUNNING_WORKERS + value: "1" + - name: COUNT_CANCELING_WORKERS + value: "1" + - name: COUNT_HANDLE_JOB_WORKERS + value: "1" + - name: BIM_API_DEBUG + value: "0" + - name: BIM_API_V2_DEBUG + value: "0" + - name: PDM_API_DEBUG + value: "0" + - name: COMPARISONS_API_DEBUG + value: "0" + - name: WORKSPACE_API_DEBUG + value: "0" + - name: JOBS_NAMESPACE + value: workflow + - name: ISSUE_API_DEBUG + value: "0" + - name: TOLERATION_KEY + value: dedicated + - name: TOLERATION_VALUE + value: processing-light + - name: TOLERATION_KEY_HIGH_MEM + value: dedicated + - name: TOLERATION_VALUE_HIGH_MEM + value: processing-light + - name: TOLERATION_KEY_PERSISTENT + value: dedicated + - name: TOLERATION_VALUE_PERSISTENT + value: processing-light + - name: RABBITMQ_CREATE_EXCHANGE + value: autodesk.inputMessage + - name: RABBITMQ_CANCEL_EXCHANGE + value: autodesk.cancelMessage + - name: RABBITMQ_CREATE_ROUTING_KEY + value: converting + - name: RABBITMQ_CANCEL_TOPIC + value: cancel + - name: RABBITMQ_COMPLETENESS_EXCHANGE + value: autodesk.outputMessage + - name: RABBITMQ_COMPLETENESS_TOPIC + value: output_navis + - name: CONTROL_PLANE_PERIOD + value: 10s + - name: WORKFLOW_PRIORITY + value: low + - name: ENABLE_TOLERATION + value: "1" + - name: DEFAULT_TOLERATION_KEY + value: dedicated + - name: DEFAULT_TOLERATION_VALUE + value: processing-light + - name: DEFAULT_NODE_SELECTOR_KEY + value: dedicated + - name: DEFAULT_NODE_SELECTOR_VALUE + value: processing-light + + resources: + requests: + cpu: "1" + memory: 1Gi + + imagePullSecrets: + - name: regcred diff --git a/apps/processing/base/engine.yaml b/apps/processing/base/engine.yaml new file mode 100644 index 0000000..610263b --- /dev/null +++ b/apps/processing/base/engine.yaml 
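Review bot: The pod spec in engine-low.yaml declares the secret volumes `yc-s3`, `django-auth` and `smtp-secret`, but the `engine-low` container has no `volumeMounts`, so paths such as `/etc/sarex/yc-s3/yc-s3-service-account.json` and `/etc/smtp-secret/smtp.json` will not exist unless the image supplies them. `MAILGUN` and the `*_API_DB` variables point at further files for which no volume is declared at all. With `ENABLE_KUBERNETES_EXECUTOR` set to `"1"` and `JOBS_NAMESPACE` set to `workflow`, the pod presumably creates Jobs through the API server, yet no `serviceAccountName` is set, so it would run as the namespace default account; a dedicated account bound to a Role limited to that namespace would be the least-privilege choice. engine.yaml declares the same three volumes, and its hunk continues beyond this page.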
@@ -0,0 +1,242 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: engine
+ namespace: processing
+ labels:
+ app: engine
+ service: engine
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: engine
+ template:
+ metadata:
+ labels:
+ app: engine
+ service: engine
+ spec:
+ volumes:
+ - name: yc-s3
+ secret:
+ defaultMode: 420
+ secretName: yc-s3
+ - name: django-auth
+ secret:
+ defaultMode: 420
+ secretName: django-auth
+ - name: smtp-secret
+ secret:
+ defaultMode: 420
+ secretName: smtp-secret
+
+ containers:
+ - name: engine
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda
+ imagePullPolicy: IfNotPresent
+
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+
+ env:
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ENVIRONMENT
+ value: prod
+ - name: WORKFLOWS_SENTRY_DSN
+ value: https://866b532efdbb4764a7551b76231232fc@o279218.ingest.sentry.io/543123
+ - name: WORKFLOWS_SENTRY_DEBUG
+ value: "0"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3/yc-s3-service-account.json
+ - name: RABBITMQ_HOST
+ valueFrom:
+ secretKeyRef:
+ key: host
+ name: rabbitmq-secret
+ - name: RABBITMQ_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: rabbitmq-secret
+ - name: RABBITMQ_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: rabbitmq-secret
+ - name: RABBITMQ_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: rabbitmq-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: BIM_API_V2_DB
+ value: /etc/sarex/bim-api-v2-db-prod.json
+ - name: PDM_API_DB
+ value: /etc/pdm/pdm-api-db-prod.json
+ - name: WORKSPACE_API_DB
+ value: /etc/ws/ws-api-db-prod.json
+ - name: ISSUE_API_DB
+ value: /etc/issues/issue-api-db-prod.json
+ - name: MAILGUN
+ value: /etc/mailgun-secret/env.json
+ - name: SMTP
+ value: /etc/smtp-secret/smtp.json
+ - name: INTERNAL_PDM_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: INTERNAL_FILESTREAM_URL
+ value: http://documentations-filestream.documentations.svc.cluster.local:8080
+ - name: EXTERNAL_PDM_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: EXTERNAL_FILESTREAM_URL
+ value: http://documentations-filestream-service.documentations.svc.cluster.local:8080
+ - name: RESOURCES_API_INTERNAL_HOST
+ value: http://resources-service.resources.svc.cluster.local:8000
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_S3_STORAGE
+ value: "1"
+ - name: ENABLE_S3V2_STORAGE
+ value: "1"
+ - name: ENABLE_PDM_STORAGE
+ value: "1"
+ - name: ENABLE_SMTP
+ value: "1"
+ - name: ENABLE_URL_STORAGE
+ value: "1"
+ - name: ENABLE_SRX_TMP
+ value: "1"
+ - name: ENABLE_BIM_API_V2_DB
+ value: "1"
+ - name: ENABLE_WORKSPACE_API_DB
+ value: "1"
+ - name: ENABLE_ISSUE_API_DB
+ value: "1"
+ - name: ENABLE_RESOURCES_API
+ value: "1"
+ - name: ENABLE_PDM_API_DB
+ value: "1"
+ - name: ENABLE_COMPARISONS_API_DB
+ value: "1"
+ - name: ENABLE_MAIL_GUN
+ value: "1"
+ - name: ENABLE_AMQP_EXECUTOR
+ value: "0"
+ - name: ENABLE_KUBERNETES_EXECUTOR
+ value: "1"
+ - name: MAX_WORKFLOWS_LIMIT
+ value: "5"
+ - name: CPU_COUNT
+ value: "1"
+ - name: MEMORY_GI
+ value: "1"
+ - name: CPU_COUNT_LOW_RESOURCES
+ value: "1"
+ - name: MEMORY_GI_LOW_RESOURCES
+ value: "1"
+ - name: CPU_COUNT_HIGH_MEM
+ value: "1"
+ - name: MEMORY_GI_HIGH_MEM
+ value: "1"
+ - name: ENABLE_TOLERATION
+ value: "1"
+ - name: COUNT_RUNNING_WORKERS
+ value: "1"
+ - name: COUNT_CANCELING_WORKERS
+ value: "1"
+ - name: COUNT_HANDLE_JOB_WORKERS
+ value: "1"
+ - name: BIM_API_DEBUG
+ value: "0"
+ - name: BIM_API_V2_DEBUG
+ value: "0"
+ - name: PDM_API_DEBUG
+ value: "0"
+ - name: COMPARISONS_API_DEBUG
+ value: "0"
+ - name: WORKSPACE_API_DEBUG
+ value: "0"
+ - name: JOBS_NAMESPACE
+ value: workflow
+ - name: ISSUE_API_DEBUG
+ value: "0"
+ - name: TOLERATION_KEY
+ value: dedicated
+ - name: TOLERATION_VALUE
+ value: processing-light
+ - name: TOLERATION_KEY_HIGH_MEM
+ value: dedicated
+ - name: TOLERATION_VALUE_HIGH_MEM
+ value: processing-light
+ - name: TOLERATION_KEY_PERSISTENT
+ value: dedicated
+ - name: TOLERATION_VALUE_PERSISTENT
+ value: processing-light
+ - name: RABBITMQ_CREATE_EXCHANGE
+ value: autodesk.inputMessage
+ - name: RABBITMQ_CANCEL_EXCHANGE
+ value: autodesk.cancelMessage
+ - name: RABBITMQ_CREATE_ROUTING_KEY
+ value: converting
+ - name: RABBITMQ_CANCEL_TOPIC
+ value: cancel
+ - name: RABBITMQ_COMPLETENESS_EXCHANGE
+ value: autodesk.outputMessage
+ - name: RABBITMQ_COMPLETENESS_TOPIC
+ value: output_navis
+ - name: CONTROL_PLANE_PERIOD
+ value: 10s
+ - name: DEFAULT_TOLERATION_KEY
+ value: dedicated
+ - name: DEFAULT_TOLERATION_VALUE
+ value: processing-light
+ - name: DEFAULT_NODE_SELECTOR_KEY
+ value: dedicated
+ - name: DEFAULT_NODE_SELECTOR_VALUE
+ value: processing-light
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+
+ imagePullSecrets:
+ - name: regcred
\ No newline at end of file
diff --git a/apps/processing/base/frontend-deployment.yaml b/apps/processing/base/frontend-deployment.yaml
new file mode 100644
index 0000000..0ec40a1
--- /dev/null
+++ b/apps/processing/base/frontend-deployment.yaml
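Review bot: The `engine` container has no `volumeMounts`, so the `yc-s3`, `django-auth` and `smtp-secret` volumes declared under `spec.volumes` are never mounted, while `S3_SERVICE_ACCOUNT` and `SMTP` point at files under `/etc/sarex/yc-s3` and `/etc/smtp-secret`. Unless the image itself ships those files (which would put credentials in the image), the process will not find them, and `MAILGUN` and the `*_API_DB` paths have no backing volume in this manifest at all. The mount paths in the sketch below are inferred from the env values and need confirming; mounting them `readOnly` and choosing a tighter `defaultMode` than 420 (0644) where the container user allows it would also narrow who can read the secret files. Separately, `WORKFLOWS_SENTRY_DSN` is the one credential-like value written inline in a base that also sets `ENVIRONMENT` to `prod`, whereas the RabbitMQ and PostgreSQL values already use `secretKeyRef`; the DSN should follow that pattern. The deployment that ends just before this file's header appears to carry the same env block, but its start is outside this view.

```yaml
      containers:
        - name: engine
          # … unchanged: image, imagePullPolicy, ports, env, resources …
          volumeMounts:
            - name: yc-s3
              mountPath: /etc/sarex/yc-s3
              readOnly: true
            - name: smtp-secret
              mountPath: /etc/smtp-secret
              readOnly: true
            - name: django-auth
              # mount path is not shown in this diff; placeholder to be filled in
              mountPath: /DJANGO_AUTH_MOUNT_PATH_PLACEHOLDER
              readOnly: true
```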
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: processing
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-frontend:wb_ebc15427
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/frontend-service.yaml b/apps/processing/base/frontend-service.yaml
new file mode 100644
index 0000000..024ea55
--- /dev/null
+++ b/apps/processing/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: processing
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/processing/base/kustomization.yaml b/apps/processing/base/kustomization.yaml
new file mode 100644
index 0000000..aeeb0d0
--- /dev/null
+++ b/apps/processing/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: processing
+resources:
+ - namespace.yaml
+ - api-deployment.yaml
+ - engine-low.yaml
+ - engine.yaml
+ - frontend-deployment.yaml
+ - api-service.yaml
+ - frontend-service.yaml
diff --git a/apps/processing/base/namespace.yaml b/apps/processing/base/namespace.yaml
new file mode 100644
index 0000000..2068fd3
--- /dev/null
+++ b/apps/processing/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: processing
+ labels:
+ istio-injection: enabled
diff --git a/apps/processing/yc-k8s-test/kustomization.yaml b/apps/processing/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/processing/yc-k8s-test/kustomization.yaml
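Review bot: The `frontend` container in `frontend-deployment.yaml` is created without a `securityContext` and with `resources.requests` only, so it runs with the image's default user and privilege settings and has no CPU or memory ceiling. Adding `securityContext:` with `allowPrivilegeEscalation: false` and a `limits:` block next to `requests:` would bound both. Whether `runAsNonRoot: true` is also possible depends on how the image binds `containerPort: 80`, which this diff does not show. The `engine` deployment added earlier in this commit has the same gap.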
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/processing/yc-k8s-test/postgresql.yaml b/apps/processing/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..0483f00
--- /dev/null
+++ b/apps/processing/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,111 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: processing
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements"
+ databases:
+ - name: workflow_db
+ user: workflow
+ extensions:
+ - uuid-ossp
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index 7f78c15..f284992 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -33,4 +33,6 @@ resources:
 - ../../apps/flows/yc-k8s-test
 - ../../apps/issues/yc-k8s-test
 - ../../apps/documentations/yc-k8s-test
- - ../../apps/bim/yc-k8s-test
\ No newline at end of file
+ - ../../apps/bim/yc-k8s-test
+ - ../../apps/django/yc-k8s-test
+ - ../../apps/processing/yc-k8s-test
\ No newline at end of file
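Review bot: In `apps/processing/yc-k8s-test/postgresql.yaml`, `global.security.allowInsecureImages: true` switches off the chart's check on substituted images, and the image is then referenced by a mutable tag (`tag: 17.0.2`) with `pullPolicy: Always`, so whatever is pushed under that tag in the registry is what runs as the database on the next pod start. Pinning by digest would close that gap: the upstream Bitnami chart accepts `image.digest`, e.g. `digest: sha256:<DIGEST_PLACEHOLDER>`, but whether `postgresql-contour` keeps that value needs confirming. `containerSecurityContext.readOnlyRootFilesystem: false` under `primary` also relaxes a hardening setting; if the chart's dump and restore tooling needs a writable root, a comment saying so would help, otherwise the override should be dropped.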