From 89d00b8b2c98d1085b0665996ad97103c611a47f Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 19:00:15 +0500 Subject: [PATCH 1/9] ++ --- apps/django/base/backend-deployment.yaml | 253 +++++++++++++++++++ apps/django/base/backend-service.yaml | 15 ++ apps/django/base/celery-deployment.yaml | 252 ++++++++++++++++++ apps/django/base/django-configmap.yaml | 281 +++++++++++++++++++++ apps/django/base/frontend-deployment.yaml | 32 +++ apps/django/base/frontend-service.yaml | 15 ++ apps/django/base/kustomization.yaml | 12 + apps/django/base/namespace.yaml | 7 + apps/django/yc-k8s-test/kustomization.yaml | 7 + apps/django/yc-k8s-test/postgresql.yaml | 110 ++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 11 files changed, 986 insertions(+), 1 deletion(-) create mode 100644 apps/django/base/backend-deployment.yaml create mode 100644 apps/django/base/backend-service.yaml create mode 100644 apps/django/base/celery-deployment.yaml create mode 100644 apps/django/base/django-configmap.yaml create mode 100644 apps/django/base/frontend-deployment.yaml create mode 100644 apps/django/base/frontend-service.yaml create mode 100644 apps/django/base/kustomization.yaml create mode 100644 apps/django/base/namespace.yaml create mode 100644 apps/django/yc-k8s-test/kustomization.yaml create mode 100644 apps/django/yc-k8s-test/postgresql.yaml diff --git a/apps/django/base/backend-deployment.yaml b/apps/django/base/backend-deployment.yaml new file mode 100644 index 0000000..e2798b9 --- /dev/null +++ b/apps/django/base/backend-deployment.yaml 
@@ -0,0 +1,253 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: django + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/backend:production_a96dead0 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ALLOWED_HOSTS + value: '*' + - name: SERVER_USE_CHANGELOG + value: "0" + - name: SERVER_ZITADEL_ENABLED + value: "False" + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: CELERY_REDIS_HOST + value: redis-service + - name: CELERY_REDIS_PORT + value: "6379" + - name: DJANGO_REDIS_HOST + value: redis-service + - name: DJANGO_REDIS_PORT + value: "6379" + - name: BIMV2_INTERNAL_HOST + value: http://bim-backend-v2-service.bim-api + - name: BIMV2_TIMEOUT + value: "60" + - name: JWT_KID + value: "1" + - name: PDM_SYNC + value: "1" + - name: KC_SYNC_ENABLE + value: "0" + - name: MEASUREMENTS_HOST + value: http://measurements-service.measurements.svc.cluster.local:8000/api + - name: MEASUREMENTS_USE_MEASUREMENTS + value: "1" + - name: SERVER_API_HOST + value: https://wb.sarex.io + - name: SERVER_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_BASE_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_USE + value: "1" + - name: SERVER_S3_STREAM_IMPORT + value: "1" + - name: SERVER_SAVE_DIFF_DEM + value: "1" + - name: SERVER_USE_CLICKHOUSE + value: "0" + - name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK + value: "0" + - name: SERVER_USE_DJANGO_STORAGE + value: "1" + - name: SERVER_USE_METASHAPE + value: "0" + - name: SERVER_CHANGELOG_MODE_SYSTEM_LOG + 
value: "1" + - name: SERVER_CHANGELOG_MODE + value: "0" + - name: SERVER_DJANGO_URLS + value: "1" + - name: CHECK_IMPORT_HASH + value: "1" + - name: EAV_ENABLE + value: "1" + - name: SERVER_CHECK_IMPORT_HASH + value: "1" + - name: SERVER_CHUNKED_PATH + value: /tmp/chunked_uploads/%Y/%m/%d + - name: SERVER_HIDE_USER_SCROLL_PERMISSIONS + value: "0" + - name: SERVER_USE_WRORKFLOW_STATUS + value: "1" + - name: SERVER_ZITADEL_ENABLED + value: "True" + - name: ZITADEL_HOST + value: https://zitadel-srx.wb.ru + - name: ZITADEL_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: access_token + name: zitadel-secret + - name: SERVER_KAFKA_ENABLED + value: "True" + - name: KAFKA_TOPICS + value: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' + - name: KAFKA_BOOTSTRAP_SERVERS + value: '["wb-prod-kafka-bootstrap.kafka.svc.cluster.local:9093"]' + - name: KAFKA_SECURITY_PROTOCOL + value: SSL + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: KAFKA_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/kafka.crt + - name: AWS_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: S3_HOST + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: DJANGO_POSTGRES_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DJANGO_POSTGRES_PORTS + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret 
+ - name: DJANGO_POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DJANGO_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DJANGO_RABBIT_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: DJANGO_RABBIT_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: DJANGO_RABBIT_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: DJANGO_RABBIT_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + - name: S3_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: S3_LOGIN + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: KC_USE_REDIRECT_LOGOUT + value: "False" + + + + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: django-configmap + mountPath: /opt/sarex/config/settings/production.py + subPath: production.py + imagePullSecrets: + - name: regcred diff --git a/apps/django/base/backend-service.yaml b/apps/django/base/backend-service.yaml new file mode 100644 index 0000000..f46fcaf --- /dev/null +++ b/apps/django/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: django +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/django/base/celery-deployment.yaml b/apps/django/base/celery-deployment.yaml new file mode 100644 index 0000000..2e4bdb9 --- /dev/null 
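Review bot: `ALLOWED_HOSTS` is set to `'*'` in the backend container env, which (if the settings read it) turns off Django's Host-header validation; the same value is repeated in the celery-deployment.yaml hunk and as `ALLOWED_HOSTS = ["*"]` in production.py in django-configmap.yaml. List only the hostnames the ingress actually serves instead. The container also has no `securityContext` and only `resources.requests` (the celery and frontend Deployments are the same), so consider `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` plus a `limits` block, after confirming the image runs under them. Separately, `KAFKA_SECURITY_PROTOCOL` is `SSL` while a SASL username, password and `SCRAM-SHA-512` are supplied; in the common Kafka clients the SASL settings only take effect under `SASL_SSL`, so one of the two is probably not what was intended.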
+++ b/apps/django/base/celery-deployment.yaml 
@@ -0,0 +1,252 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: django + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/backend:production_a96dead0 + imagePullPolicy: IfNotPresent + command: ["celery", "-A", "config", "worker", , "-B", "-l", "info", "-E", "-Q", "default", "-n", "default_worker.%h", "--concurrency=2"] + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ALLOWED_HOSTS + value: '*' + - name: SERVER_USE_CHANGELOG + value: "0" + - name: SERVER_ZITADEL_ENABLED + value: "False" + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: CELERY_REDIS_HOST + value: redis-service + - name: CELERY_REDIS_PORT + value: "6379" + - name: DJANGO_REDIS_HOST + value: redis-service + - name: DJANGO_REDIS_PORT + value: "6379" + - name: BIMV2_INTERNAL_HOST + value: http://bim-backend-v2-service.bim-api + - name: BIMV2_TIMEOUT + value: "60" + - name: JWT_KID + value: "1" + - name: PDM_SYNC + value: "1" + - name: KC_SYNC_ENABLE + value: "0" + - name: MEASUREMENTS_HOST + value: http://measurements-service.measurements.svc.cluster.local:8000/api + - name: MEASUREMENTS_USE_MEASUREMENTS + value: "1" + - name: SERVER_API_HOST + value: https://wb.sarex.io + - name: SERVER_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_BASE_HOST + value: https://wb.sarex.io + - name: WORKFLOWS_USE + value: "1" + - name: SERVER_S3_STREAM_IMPORT + value: "1" + - name: SERVER_SAVE_DIFF_DEM + value: "1" + - name: SERVER_USE_CLICKHOUSE + value: "0" + - name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK + value: "0" + - 
name: SERVER_USE_DJANGO_STORAGE + value: "1" + - name: SERVER_USE_METASHAPE + value: "0" + - name: SERVER_CHANGELOG_MODE_SYSTEM_LOG + value: "1" + - name: SERVER_CHANGELOG_MODE + value: "0" + - name: SERVER_DJANGO_URLS + value: "1" + - name: CHECK_IMPORT_HASH + value: "1" + - name: EAV_ENABLE + value: "1" + - name: SERVER_CHECK_IMPORT_HASH + value: "1" + - name: SERVER_CHUNKED_PATH + value: /tmp/chunked_uploads/%Y/%m/%d + - name: SERVER_HIDE_USER_SCROLL_PERMISSIONS + value: "0" + - name: SERVER_USE_WRORKFLOW_STATUS + value: "1" + - name: SERVER_ZITADEL_ENABLED + value: "True" + - name: ZITADEL_HOST + value: https://zitadel-srx.wb.ru + - name: ZITADEL_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: access_token + name: zitadel-secret + - name: SERVER_KAFKA_ENABLED + value: "True" + - name: KAFKA_TOPICS + value: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' + - name: KAFKA_BOOTSTRAP_SERVERS + value: '["wb-prod-kafka-bootstrap.kafka.svc.cluster.local:9093"]' + - name: KAFKA_SECURITY_PROTOCOL + value: SSL + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: KAFKA_SASL_MECHANISM + value: SCRAM-SHA-512 + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/kafka.crt + - name: AWS_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: S3_HOST + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: DJANGO_POSTGRES_HOST + valueFrom: + secretKeyRef: + key: 
hostname + name: postgresql-secret + - name: DJANGO_POSTGRES_PORTS + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DJANGO_POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DJANGO_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DJANGO_POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DJANGO_RABBIT_HOSTNAME + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: DJANGO_RABBIT_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: DJANGO_RABBIT_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: DJANGO_RABBIT_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: JWT_PRIVATE_KEY + valueFrom: + secretKeyRef: + key: ssh_private.key + name: backend-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: ssh_public.key + name: backend-secret + - name: S3_BUCKET + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: S3_LOGIN + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: KC_USE_REDIRECT_LOGOUT + value: "False" + resources: + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: django-configmap + mountPath: /opt/sarex/config/settings/production.py + subPath: production.py + imagePullSecrets: + - name: regcred diff --git a/apps/django/base/django-configmap.yaml b/apps/django/base/django-configmap.yaml new file mode 100644 index 0000000..58d0bce --- /dev/null +++ b/apps/django/base/django-configmap.yaml 
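Review bot: The worker `command` passes `-B`, which runs the beat scheduler inside the worker process; that is only correct while `replicas: 1` holds, because each extra replica would fire every periodic task again. A comment above `command`, e.g. `# -B embeds celery beat: keep replicas at 1 or move beat to its own Deployment`, would record the constraint. The `ports` entry declaring `http` on 8000 looks copied from the backend Deployment; nothing in the worker command serves HTTP, so it can probably be dropped. The worker also receives the full backend secret set, including `JWT_PRIVATE_KEY`; production.py as written reads that key at import time, so narrowing the env would need a settings change first.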
@@ -0,0 +1,281 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: django +data: + production.py: | + import os + from .base import * + from logging.handlers import SysLogHandler + from datetime import timedelta + + ALLOWED_HOSTS = ["*"] + FILE_UPLOAD_PERMISSIONS = 0o644 + DEBUG = False + CSRF_COOKIE_SECURE = True + CSRF_TRUSTED_ORIGINS = ["https://lk.srx.wb.ru:30443", "https://lk.srx.wb.ru"] + SESSION_COOKIE_SECURE = True + SECURE_SSL_REDIRECT = False + + SECRET_KEY = 't2=9+($2f%7ptsdy4!rby$)mcfl1l%o2e@vs^d(g&(wwi&%k1v' + + CORS_ORIGIN_ALLOW_ALL = True + SERVERSETTINGS.cache_enabled = True + INSTALLED_APPS = list(INSTALLED_APPS) + ['corsheaders'] + + CORS_ALLOW_METHODS = ( + 'DELETE', + 'GET', + 'OPTIONS', + 'PATCH', + 'POST', + 'PUT', + ) + BASIC_USER_ID = 2 + + CORS_ALLOW_HEADERS = ( + 'accept', + 'accept-encoding', + 'authorization', + 'content-type', + 'user-agent', + 'x-csrftoken', + 'x-requested-with', + 'x-token', + 'Bearer', + ) + + HOST = "https://wb.sarex.io" + + POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE') + POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER') + POSTGRES_PASSWORD = os.environ.get('DJANGO_POSTGRES_PASSWORD') + POSTGRES_HOST = os.environ.get('DJANGO_POSTGRES_HOST') + POSTGRES_PORTS = os.environ.get('DJANGO_POSTGRES_PORTS', "5432") + + DATABASES = { + 'default': { + 'ENGINE': 'django_prometheus.db.backends.postgresql', + 'NAME': POSTGRES_DATABASE, + 'USER': POSTGRES_USER, + 'PASSWORD': POSTGRES_PASSWORD, + 'HOST': POSTGRES_HOST, + 'PORT': POSTGRES_PORTS, + } + } + + LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'filters': { + 'require_debug_false': { + '()': 'django.utils.log.RequireDebugFalse', + } + }, + 'formatters': { + 'verbose': { + 'format': '[contactor] %(levelname)s %(asctime)s %(message)s', + }, + }, + 'handlers': { + 'console': { + 'level': 'DEBUG', + 'class': 'logging.StreamHandler', + }, + 'sentry': { + 'level': 'ERROR', + 'filters': 
['require_debug_false'], + 'class': 'logging.StreamHandler', + }, + }, + 'loggers': { + '': { + 'handlers': ['console', 'sentry'], + 'level': 'INFO', + 'propagate': False, + }, + } + } + + COMPARATOR_JWT = os.environ.get("COMPARATOR_JWT", "default_jwt") + COMPARATOR_URL = os.environ.get("COMPARATOR_URL", "https://wb.sarex.io/comparator") + COMPARATOR_SECTION = os.environ.get("COMPARATOR_SECTION", "sarex-production-storage") + + SIMPLE_JWT = { + 'ACCESS_TOKEN_LIFETIME': timedelta(hours=1), + 'REFRESH_TOKEN_LIFETIME': timedelta(days=1), + 'ROTATE_REFRESH_TOKENS': False, + 'BLACKLIST_AFTER_ROTATION': True, + 'UPDATE_LAST_LOGIN': False, + 'ALGORITHM': 'RS512', + 'SIGNING_KEY': os.environ.get("JWT_PRIVATE_KEY").replace("\\n", "\n"), + 'VERIFYING_KEY': os.environ.get("JWT_PUBLIC_KEY").replace("\\n", "\n"), + 'AUDIENCE': None, + 'ISSUER': os.environ.get('SIMPLE_JWT_ISSUER', 'default_issuer'), + 'AUTH_HEADER_TYPES': ('Bearer',), + 'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION', + 'USER_ID_FIELD': 'id', + 'USER_ID_CLAIM': 'user_id', + 'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',), + 'TOKEN_TYPE_CLAIM': 'token_type', + 'JTI_CLAIM': 'jti', + 'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp', + 'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5), + 'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1), + } + + os.environ["DJANGO_ALLOW_ASYNC_UNSAFE"] = "true" + DEFAULT_FILE_STORAGE = 'sarex.core.storages.CustomS3Boto3Storage' + DATA_UPLOAD_MAX_MEMORY_SIZE = 268435456 + + if not os.environ.get('ISOLATED', False): + import sentry_sdk + from sentry_sdk.integrations.django import DjangoIntegration + + sentry_sdk.init( + dsn="https://3df2f4b8d3d14595a06c92e9d7c562cb@sentry.io/1501541", + integrations=[DjangoIntegration()], + environment=os.environ.get('SENTRY_ENVIRONMENT', 'production'), + send_default_pii=True, + ) + + COMPARISON_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/comparisons" + DOCUMENTATION_API_URL = 
f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/documentations" + PDM_FILES_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/files" + + WORKFLOWS_TASKS = { + "update_orthomosaic_data": { + "image": f"{os.environ.get('WORKFLOWSSETTINGS_REGISTRY')}/update-orthomosaic-data:dev", + "service_requests": ["django-auth"], + "backoff_limit": 3, + }, + } + + REST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': ( + 'rest_framework.pagination.LimitOffsetPagination' ), + 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema', + 'PAGE_SIZE': 1000, 'DEFAULT_FILTER_BACKENDS': [ + 'django_filters.rest_framework.DjangoFilterBackend' ], + 'DEFAULT_AUTHENTICATION_CLASSES': [ + 'sarex.authentication.backends.ZitadelJWTAuthentication', + 'rest_framework.authentication.RemoteUserAuthentication', + 'rest_framework_simplejwt.authentication.JWTAuthentication', + 'rest_framework.authentication.BasicAuthentication', + 'rest_framework.authentication.SessionAuthentication', + 'sarex.authentication.backends.JWTAuthentication' ], + 'DEFAULT_PERMISSION_CLASSES': [ + 'rest_framework.permissions.IsAuthenticated', ] } + + AUTHENTICATION_BACKENDS = [ + 'sarex.authentication.backends.CustomRemoteUserBackend', + 'django.contrib.auth.backends.ModelBackend', + 'guardian.backends.ObjectPermissionBackend', + ] + + MIDDLEWARE = [ + 'django_prometheus.middleware.PrometheusBeforeMiddleware', + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + #'django_keycloak.middlewares.AuthorizationHeaderMiddleware', + #'django_keycloak.middlewares.KeycloakSessionMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + #'django.contrib.auth.middleware.RemoteUserMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'django_user_agents.middleware.UserAgentMiddleware', + 
'simple_history.middleware.HistoryRequestMiddleware', + 'django_prometheus.middleware.PrometheusAfterMiddleware', ] + + + class KeyCloakSettings(BaseSettings): + client_id: str = "client_id" + client_secret: str = "client_secret" + discovery_url: str = "https://login.wb.sarex.io/realms/sarex/.well-known/openid-configuration" + staff: Optional[str] = "Sarex staff" + superuser: Optional[str] = "Sarex superusers" + sync_with_django: bool = True + sync_admin: bool = False + group_prefix: str = 'Sarex-Role' + company_prefix: str = 'Sarex-Company' + department_prefix: str = 'Sarex-Department' + position_prefix: str = 'Sarex-Position' + separator: str = '__' + sync_user_groups: bool = False + sync_user_positions: bool = False + sync_user_departments: bool = False + sync_user_companies: bool = False + use_redirect_logout: bool = False + logout_redirect_uri: str = "/" + default_group_name: Optional[str] = 'Тест' + default_company_name: Optional[str] = 'Брусника' + trusted_uri: List[str] = ['/api/core/orthophotos/', '/api/token', '/api/token/me'] + trusted_uri: List[str] = [] + + class Config: + env_prefix = "KC_" + + + KEYCLOAKSETTINGS = KeyCloakSettings() + + REMOTE_USER_DEFAULT_COMPANY_ID = 1 + SAREX_MODULES = [ + { + "name": "Замечания", + "uri": "/remarks" + }, + # { + # "name": "Управление проектами", + # "uri": "/management/projects", + # }, + { + "name": "Замечания V2", + "uri": "/issues" + }, + { + "name": "Документация", + "uri": "/documentations", + }, + { + "name": "Согласование документов", + "uri": "/reviews" + }, + { + "name": "Рабочие процессы", + "uri": "/processes" + }, + { + "name": "Запросы", + "uri": "/rfi" + }, + # { + # "name": "Обзор", + # "uri": "/projects" + # }, + { + "name": "Передача документации", + "uri": "/transmittal" + }, + ] + AUTH_SETTINGS = { + "refresh_token": False, + "refresh_token_uri": "/api/token/me", + "refresh_oauth_token": True, + "refresh_oauth_token_uri": "/oauth/token", + "refresh_time": 240, + } + + + DEBUG=True + 
#WEB_APP_AUTH_MODE='jwt-session-based' + + + SAREX_MODULES_SETTINGS = { + "aero": { + "enable_new_media": True + }, + "sso_logout_redirect": True + } + diff --git a/apps/django/base/frontend-deployment.yaml b/apps/django/base/frontend-deployment.yaml new file mode 100644 index 0000000..713eaa7 --- /dev/null +++ b/apps/django/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: django + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_0b579274 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/django/base/frontend-service.yaml b/apps/django/base/frontend-service.yaml new file mode 100644 index 0000000..ab9f927 --- /dev/null +++ b/apps/django/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: django +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/django/base/kustomization.yaml b/apps/django/base/kustomization.yaml new file mode 100644 index 0000000..e1d9276 --- /dev/null +++ b/apps/django/base/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: django +resources: + - namespace.yaml + - backend-deployment.yaml + - celery-deployment.yaml + - frontend-deployment.yaml + - backend-service.yaml + - frontend-service.yaml + - production-configmap.yaml diff --git a/apps/django/base/namespace.yaml b/apps/django/base/namespace.yaml new file mode 100644 index 0000000..33478ea --- /dev/null +++ b/apps/django/base/namespace.yaml 
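Review bot: production.py embeds a literal `SECRET_KEY` in a ConfigMap that is committed to git, and it ends with `DEBUG=True`, which overrides the `DEBUG = False` set near the top. Read the key from the environment the way the database and JWT values already are, e.g. `SECRET_KEY = os.environ['<SECRET_KEY_ENV_VAR>']` (placeholder name) backed by a `secretKeyRef`, treat the committed value as exposed and rotate it, and drop the trailing `DEBUG=True`. `CORS_ORIGIN_ALLOW_ALL = True`, the `COMPARATOR_JWT` fallback `"default_jwt"`, and `send_default_pii=True` on the Sentry client with a hard-coded DSN deserve the same review before this serves real users. `trusted_uri` is declared twice in `KeyCloakSettings`, so the second, empty list is the one that takes effect; keep only the intended one.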
@@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: django + labels: + istio-injection: enabled diff --git a/apps/django/yc-k8s-test/kustomization.yaml b/apps/django/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/django/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/django/yc-k8s-test/postgresql.yaml b/apps/django/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..ffb1a1b --- /dev/null +++ b/apps/django/yc-k8s-test/postgresql.yaml 
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: django +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: sarex_db + 
user: sarex + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 7f78c15..b48b739 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -33,4 +33,5 @@ resources: - ../../apps/flows/yc-k8s-test - ../../apps/issues/yc-k8s-test - ../../apps/documentations/yc-k8s-test - - ../../apps/bim/yc-k8s-test \ No newline at end of file + - ../../apps/bim/yc-k8s-test + - ../../apps/django/yc-k8s-test \ No newline at end of file From 949009dd665cca81ddc0b95d668e66db21bd0a6d Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 12:56:19 +0500 Subject: [PATCH 2/9] fix --- apps/django/base/celery-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/django/base/celery-deployment.yaml b/apps/django/base/celery-deployment.yaml index 2e4bdb9..fa8b7bf 100644 --- a/apps/django/base/celery-deployment.yaml +++ b/apps/django/base/celery-deployment.yaml @@ -30,7 +30,7 @@ spec: - name: celery image: cr.yandex/crp3ccidau046kdj8g9q/backend:production_a96dead0 imagePullPolicy: IfNotPresent - command: ["celery", "-A", "config", "worker", , "-B", "-l", "info", "-E", "-Q", "default", "-n", "default_worker.%h", "--concurrency=2"] + command: ["celery", "-A", "config", "worker", "-B", "-l", "info", "-E", "-Q", "default", "-n", "default_worker.%h", "--concurrency=2"] ports: - name: http From d1a5781bcc729fcf65cefcbf28b66db950b3f9b3 Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 12:58:14 +0500 Subject: [PATCH 3/9] fix --- apps/django/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/django/base/kustomization.yaml b/apps/django/base/kustomization.yaml index e1d9276..3d5e168 100644 --- a/apps/django/base/kustomization.yaml +++ b/apps/django/base/kustomization.yaml 
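Review bot: `allowInsecureImages: true` and `readOnlyRootFilesystem: false` both relax chart safeguards without a comment saying why; if the reason is the mirrored `cr.yandex` image and a writable path the image needs, state that next to each key so the relaxations are not copied blindly into other releases. `username`, `database`, `adminUser` and `adminPasswordSecretKey` are empty strings, and no file in this patch creates the `postgresql-secret` that the backend and celery Deployments read `hostname`/`port`/`username`/`password`/`database` from, so document where that Secret comes from. `storageClass: local-path` presumably keeps the 20Gi data directory on a single node's disk; acceptable for a test cluster, but worth a one-line comment given `restoreFromDump: false`.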
@@ -9,4 +9,4 @@ resources: - frontend-deployment.yaml - backend-service.yaml - frontend-service.yaml - - production-configmap.yaml + - django-configmap.yaml From a3ab42ba801e30b097c222dcc5fc69bfd97dcb66 Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 13:02:50 +0500 Subject: [PATCH 4/9] fix --- apps/django/base/backend-deployment.yaml | 2 -- apps/django/base/celery-deployment.yaml | 2 -- 2 files changed, 4 deletions(-) diff --git a/apps/django/base/backend-deployment.yaml b/apps/django/base/backend-deployment.yaml index e2798b9..e19a561 100644 --- a/apps/django/base/backend-deployment.yaml +++ b/apps/django/base/backend-deployment.yaml @@ -105,8 +105,6 @@ spec: value: "0" - name: SERVER_USE_WRORKFLOW_STATUS value: "1" - - name: SERVER_ZITADEL_ENABLED - value: "True" - name: ZITADEL_HOST value: https://zitadel-srx.wb.ru - name: ZITADEL_ACCESS_TOKEN diff --git a/apps/django/base/celery-deployment.yaml b/apps/django/base/celery-deployment.yaml index fa8b7bf..61da1e9 100644 --- a/apps/django/base/celery-deployment.yaml +++ b/apps/django/base/celery-deployment.yaml @@ -107,8 +107,6 @@ spec: value: "0" - name: SERVER_USE_WRORKFLOW_STATUS value: "1" - - name: SERVER_ZITADEL_ENABLED - value: "True" - name: ZITADEL_HOST value: https://zitadel-srx.wb.ru - name: ZITADEL_ACCESS_TOKEN From 5933ecfa0288dd28247555f0e1e5b157d62353bf Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 13:46:34 +0500 Subject: [PATCH 5/9] fix --- apps/django/base/backend-deployment.yaml | 2 +- apps/django/base/celery-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/django/base/backend-deployment.yaml b/apps/django/base/backend-deployment.yaml index e19a561..0d417aa 100644 --- a/apps/django/base/backend-deployment.yaml +++ b/apps/django/base/backend-deployment.yaml 
@@ -113,7 +113,7 @@ spec: key: access_token name: zitadel-secret - name: SERVER_KAFKA_ENABLED - value: "True" + value: "False" - name: KAFKA_TOPICS value: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' - name: KAFKA_BOOTSTRAP_SERVERS diff --git a/apps/django/base/celery-deployment.yaml b/apps/django/base/celery-deployment.yaml index 61da1e9..fde3700 100644 --- a/apps/django/base/celery-deployment.yaml +++ b/apps/django/base/celery-deployment.yaml @@ -115,7 +115,7 @@ spec: key: access_token name: zitadel-secret - name: SERVER_KAFKA_ENABLED - value: "True" + value: "False" - name: KAFKA_TOPICS value: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' - name: KAFKA_BOOTSTRAP_SERVERS From 0d8fc6737d6b91645822359964043f77178e5ab6 Mon Sep 17 00:00:00 2001 
From: ivan Date: Wed, 22 Apr 2026 14:47:42 +0500 Subject: [PATCH 6/9] fix --- apps/bim/yc-k8s-test/postgresql.yaml | 2 +- apps/processing/base/api-deployment.yaml | 86 +++++++ apps/processing/base/api-service.yaml | 15 ++ apps/processing/base/engine-low.yaml | 243 ++++++++++++++++++ apps/processing/base/engine.yaml | 240 +++++++++++++++++ apps/processing/base/frontend-deployment.yaml | 32 +++ apps/processing/base/frontend-service.yaml | 15 ++ apps/processing/base/kustomization.yaml | 12 + apps/processing/base/namespace.yaml | 7 + .../processing/yc-k8s-test/kustomization.yaml | 7 + apps/processing/yc-k8s-test/postgresql.yaml | 111 ++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 12 files changed, 771 insertions(+), 2 deletions(-) create mode 100644 apps/processing/base/api-deployment.yaml create mode 100644 apps/processing/base/api-service.yaml create mode 100644 apps/processing/base/engine-low.yaml create mode 100644 apps/processing/base/engine.yaml create mode 100644 apps/processing/base/frontend-deployment.yaml create mode 100644 apps/processing/base/frontend-service.yaml create mode 100644 apps/processing/base/kustomization.yaml create mode 100644 apps/processing/base/namespace.yaml create mode 100644 apps/processing/yc-k8s-test/kustomization.yaml create mode 100644 apps/processing/yc-k8s-test/postgresql.yaml diff --git a/apps/bim/yc-k8s-test/postgresql.yaml b/apps/bim/yc-k8s-test/postgresql.yaml index bb424a6..0b8eea0 100644 --- a/apps/bim/yc-k8s-test/postgresql.yaml +++ b/apps/bim/yc-k8s-test/postgresql.yaml @@ -44,7 +44,7 @@ spec: image: registry: cr.yandex/crp3ccidau046kdj8g9q repository: contour/postgresql - tag: 17.0.2 + tag: 13.0.7 pullPolicy: Always metrics: enabled: false diff --git a/apps/processing/base/api-deployment.yaml b/apps/processing/base/api-deployment.yaml new file mode 100644 index 0000000..4c0fe72 --- /dev/null +++ b/apps/processing/base/api-deployment.yaml 
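Review bot: The bim PostgreSQL image `tag` moves down from `17.0.2` to `13.0.7`; if the tag tracks the PostgreSQL major version and this release already has a volume initialised by a 17 server, a 13 server will refuse to start on that data directory. Confirm the persistent volume is empty or will be recreated, and that the chart version pinned earlier in the file (outside this hunk) is meant to be used with a 13.x image. Quoting the value as `tag: "13.0.7"` would also match the quoted chart `version` style used in the django HelmRelease.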
@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: workflows-api
+ namespace: processing
+ labels:
+ app: workflows-api
+ service: workflows-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: workflows-api
+ template:
+ metadata:
+ labels:
+ app: workflows-api
+ service: workflows-api
+ spec:
+ volumes:
+ defaultMode: 420
+ containers:
+ - name: workflows-api
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_9ae8865a
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: POSTGRES_POOL_SIZE
+ value: "3"
+ - name: HTTP_HOST
+ value: 0.0.0.0:8080
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3/yc-s3-service-account.json
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: POSTGRES_SSL_USE
+ value: "0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/api-service.yaml b/apps/processing/base/api-service.yaml
new file mode 100644
index 0000000..6b29d65
--- /dev/null
+++ b/apps/processing/base/api-service.yaml
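Review bot: The `workflows-api` container in apps/processing/base/api-deployment.yaml sets no `securityContext` and only `resources.requests`, so it runs with the image's default user and capabilities and has no CPU or memory ceiling; the containers added in engine-low.yaml, engine.yaml and frontend-deployment.yaml have the same gap. A container-level block like the one below, plus `limits` next to `requests`, would be the baseline. Whether these images already run as a non-root user is not visible in the patch, so `runAsNonRoot` needs checking against them first. Separately, `HTTP_HOST` is `0.0.0.0:8080` while `containerPort` is 8000, so one of the two looks wrong.

```yaml
        - name: workflows-api
          # … unchanged: image, imagePullPolicy, ports, env, resources …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```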
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-svc
+ namespace: processing
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/processing/base/engine-low.yaml b/apps/processing/base/engine-low.yaml
new file mode 100644
index 0000000..beaf971
--- /dev/null
+++ b/apps/processing/base/engine-low.yaml
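Review bot: The Service in apps/processing/base/api-service.yaml selects `app: backend`, but no pod this patch adds to the `processing` namespace carries that label (the API Deployment labels its pods `app: workflows-api`), so `backend-svc` would have no endpoints unless another manifest outside this patch supplies them. The selector should read `app: workflows-api`, and a Service name matching the Deployment would avoid confusion with the `backend` service in the `django` namespace. A selector that matches nothing today also means any pod later labelled `app: backend` in this namespace would start receiving this traffic without review.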
@@ -0,0 +1,243 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: engine-low + namespace: processing + labels: + app: engine-low + service: engine-low +spec: + replicas: 1 + selector: + matchLabels: + app: engine-low + template: + metadata: + labels: + app: engine-low + service: engine-low + spec: + volumes: + - name: yc-s3 + secret: + defaultMode: 420 + secretName: yc-s3 + - name: django-auth + secret: + defaultMode: 420 + secretName: django-auth + - name: smtp-secret + secret: + defaultMode: 420 + secretName: smtp-secret + containers: + - name: engine-low + image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: POSTGRES_POOL_SIZE + value: "20" + - name: ENVIRONMENT + value: prod + - name: WORKFLOWS_SENTRY_DSN + value: https://866b532efdbb4764a7551b76231232fc@o279218.ingest.sentry.io/543123 + - name: WORKFLOWS_SENTRY_DEBUG + value: "0" + - name: API_ADDRESS + value: 0.0.0.0:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3/yc-s3-service-account.json + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + - name: RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: 
database + name: postgresql-secret + - name: BIM_API_V2_DB + value: /etc/sarex/bim-api-v2-db-prod.json + - name: PDM_API_DB + value: /etc/pdm/pdm-api-db-prod.json + - name: WORKSPACE_API_DB + value: /etc/ws/ws-api-db-prod.json + - name: ISSUE_API_DB + value: /etc/issues/issue-api-db-prod.json + - name: MAILGUN + value: /etc/mailgun-secret/env.json + - name: SMTP + value: /etc/smtp-secret/smtp.json + - name: INTERNAL_PDM_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: INTERNAL_FILESTREAM_URL + value: http://documentations-filestream.documentations.svc.cluster.local:8080 + - name: EXTERNAL_PDM_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: EXTERNAL_FILESTREAM_URL + value: http://documentations-filestream-service.documentations.svc.cluster.local:8080 + - name: RESOURCES_API_INTERNAL_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_S3_STORAGE + value: "1" + - name: ENABLE_S3V2_STORAGE + value: "1" + - name: ENABLE_PDM_STORAGE + value: "1" + - name: ENABLE_SMTP + value: "1" + - name: ENABLE_URL_STORAGE + value: "1" + - name: ENABLE_SRX_TMP + value: "1" + - name: ENABLE_BIM_API_V2_DB + value: "1" + - name: ENABLE_WORKSPACE_API_DB + value: "1" + - name: ENABLE_ISSUE_API_DB + value: "1" + - name: ENABLE_RESOURCES_API + value: "1" + - name: ENABLE_PDM_API_DB + value: "1" + - name: ENABLE_COMPARISONS_API_DB + value: "1" + - name: ENABLE_MAIL_GUN + value: "1" + - name: ENABLE_AMQP_EXECUTOR + value: "0" + - name: ENABLE_KUBERNETES_EXECUTOR + value: "1" + - name: MAX_WORKFLOWS_LIMIT + value: "5" + - name: CPU_COUNT + value: "1" + - name: MEMORY_GI + value: "1" + - name: CPU_COUNT_LOW_RESOURCES + value: "1" + - name: MEMORY_GI_LOW_RESOURCES + value: "1" + - name: CPU_COUNT_HIGH_MEM + value: "1" + - name: MEMORY_GI_HIGH_MEM + value: "1" 
+ - name: ENABLE_TOLERATION + value: "1" + - name: COUNT_RUNNING_WORKERS + value: "1" + - name: COUNT_CANCELING_WORKERS + value: "1" + - name: COUNT_HANDLE_JOB_WORKERS + value: "1" + - name: BIM_API_DEBUG + value: "0" + - name: BIM_API_V2_DEBUG + value: "0" + - name: PDM_API_DEBUG + value: "0" + - name: COMPARISONS_API_DEBUG + value: "0" + - name: WORKSPACE_API_DEBUG + value: "0" + - name: JOBS_NAMESPACE + value: workflow + - name: ISSUE_API_DEBUG + value: "0" + - name: TOLERATION_KEY + value: dedicated + - name: TOLERATION_VALUE + value: processing-light + - name: TOLERATION_KEY_HIGH_MEM + value: dedicated + - name: TOLERATION_VALUE_HIGH_MEM + value: processing-light + - name: TOLERATION_KEY_PERSISTENT + value: dedicated + - name: TOLERATION_VALUE_PERSISTENT + value: processing-light + - name: RABBITMQ_CREATE_EXCHANGE + value: autodesk.inputMessage + - name: RABBITMQ_CANCEL_EXCHANGE + value: autodesk.cancelMessage + - name: RABBITMQ_CREATE_ROUTING_KEY + value: converting + - name: RABBITMQ_CANCEL_TOPIC + value: cancel + - name: RABBITMQ_COMPLETENESS_EXCHANGE + value: autodesk.outputMessage + - name: RABBITMQ_COMPLETENESS_TOPIC + value: output_navis + - name: CONTROL_PLANE_PERIOD + value: 10s + - name: WORKFLOW_PRIORITY + value: low + - name: ENABLE_TOLERATION + value: "1" + - name: DEFAULT_TOLERATION_KEY + value: dedicated + - name: DEFAULT_TOLERATION_VALUE + value: processing-light + - name: DEFAULT_NODE_SELECTOR_KEY + value: dedicated + - name: DEFAULT_NODE_SELECTOR_VALUE + value: processing-light + + resources: + requests: + cpu: "1" + memory: 1Gi + + imagePullSecrets: + - name: regcred diff --git a/apps/processing/base/engine.yaml b/apps/processing/base/engine.yaml new file mode 100644 index 0000000..30d4639 --- /dev/null +++ b/apps/processing/base/engine.yaml 
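Review bot: apps/processing/base/engine-low.yaml declares the secret volumes `yc-s3`, `django-auth` and `smtp-secret`, but the `engine-low` container has no `volumeMounts`, so the files the env points at (`S3_SERVICE_ACCOUNT`, `SMTP`) will not exist unless the image ships them; engine.yaml has the same gap. `MAILGUN`, `BIM_API_V2_DB`, `PDM_API_DB`, `WORKSPACE_API_DB` and `ISSUE_API_DB` name paths for which no volume is declared at all. Each secret should be mounted read-only at the directory its variable names, as sketched below. The mount path for `django-auth` and the key names inside the secrets are not visible in this patch and need confirming.

```yaml
        - name: engine-low
          # … unchanged: image, imagePullPolicy, ports, env, resources …
          volumeMounts:
            - name: yc-s3
              mountPath: /etc/sarex/yc-s3
              readOnly: true
            - name: smtp-secret
              mountPath: /etc/smtp-secret
              readOnly: true
```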
@@ -0,0 +1,240 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: engine + namespace: processing + labels: + app: engine + service: engine + replicas: 1 + selector: + matchLabels: + app: engine + template: + metadata: + labels: + app: engine + service: engine + spec: + volumes: + - name: yc-s3 + secret: + defaultMode: 420 + secretName: yc-s3 + - name: django-auth + secret: + defaultMode: 420 + secretName: django-auth + - name: smtp-secret + secret: + defaultMode: 420 + secretName: smtp-secret + containers: + - name: engine + image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: POSTGRES_POOL_SIZE + value: "20" + - name: ENVIRONMENT + value: prod + - name: WORKFLOWS_SENTRY_DSN + value: https://866b532efdbb4764a7551b76231232fc@o279218.ingest.sentry.io/543123 + - name: WORKFLOWS_SENTRY_DEBUG + value: "0" + - name: API_ADDRESS + value: 0.0.0.0:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: S3_SERVICE_ACCOUNT + value: /etc/sarex/yc-s3/yc-s3-service-account.json + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: host + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + - name: RABBITMQ_USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASS + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + 
- name: BIM_API_V2_DB + value: /etc/sarex/bim-api-v2-db-prod.json + - name: PDM_API_DB + value: /etc/pdm/pdm-api-db-prod.json + - name: WORKSPACE_API_DB + value: /etc/ws/ws-api-db-prod.json + - name: ISSUE_API_DB + value: /etc/issues/issue-api-db-prod.json + - name: MAILGUN + value: /etc/mailgun-secret/env.json + - name: SMTP + value: /etc/smtp-secret/smtp.json + - name: INTERNAL_PDM_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: INTERNAL_FILESTREAM_URL + value: http://documentations-filestream.documentations.svc.cluster.local:8080 + - name: EXTERNAL_PDM_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: EXTERNAL_FILESTREAM_URL + value: http://documentations-filestream-service.documentations.svc.cluster.local:8080 + - name: RESOURCES_API_INTERNAL_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ENABLE_SQL_QUERY + value: "0" + - name: ENABLE_S3_STORAGE + value: "1" + - name: ENABLE_S3V2_STORAGE + value: "1" + - name: ENABLE_PDM_STORAGE + value: "1" + - name: ENABLE_SMTP + value: "1" + - name: ENABLE_URL_STORAGE + value: "1" + - name: ENABLE_SRX_TMP + value: "1" + - name: ENABLE_BIM_API_V2_DB + value: "1" + - name: ENABLE_WORKSPACE_API_DB + value: "1" + - name: ENABLE_ISSUE_API_DB + value: "1" + - name: ENABLE_RESOURCES_API + value: "1" + - name: ENABLE_PDM_API_DB + value: "1" + - name: ENABLE_COMPARISONS_API_DB + value: "1" + - name: ENABLE_MAIL_GUN + value: "1" + - name: ENABLE_AMQP_EXECUTOR + value: "0" + - name: ENABLE_KUBERNETES_EXECUTOR + value: "1" + - name: MAX_WORKFLOWS_LIMIT + value: "5" + - name: CPU_COUNT + value: "1" + - name: MEMORY_GI + value: "1" + - name: CPU_COUNT_LOW_RESOURCES + value: "1" + - name: MEMORY_GI_LOW_RESOURCES + value: "1" + - name: CPU_COUNT_HIGH_MEM + value: "1" + - name: MEMORY_GI_HIGH_MEM + value: "1" + - name: ENABLE_TOLERATION + value: 
"1" + - name: COUNT_RUNNING_WORKERS + value: "1" + - name: COUNT_CANCELING_WORKERS + value: "1" + - name: COUNT_HANDLE_JOB_WORKERS + value: "1" + - name: BIM_API_DEBUG + value: "0" + - name: BIM_API_V2_DEBUG + value: "0" + - name: PDM_API_DEBUG + value: "0" + - name: COMPARISONS_API_DEBUG + value: "0" + - name: WORKSPACE_API_DEBUG + value: "0" + - name: JOBS_NAMESPACE + value: workflow + - name: ISSUE_API_DEBUG + value: "0" + - name: TOLERATION_KEY + value: dedicated + - name: TOLERATION_VALUE + value: processing-light + - name: TOLERATION_KEY_HIGH_MEM + value: dedicated + - name: TOLERATION_VALUE_HIGH_MEM + value: processing-light + - name: TOLERATION_KEY_PERSISTENT + value: dedicated + - name: TOLERATION_VALUE_PERSISTENT + value: processing-light + - name: RABBITMQ_CREATE_EXCHANGE + value: autodesk.inputMessage + - name: RABBITMQ_CANCEL_EXCHANGE + value: autodesk.cancelMessage + - name: RABBITMQ_CREATE_ROUTING_KEY + value: converting + - name: RABBITMQ_CANCEL_TOPIC + value: cancel + - name: RABBITMQ_COMPLETENESS_EXCHANGE + value: autodesk.outputMessage + - name: RABBITMQ_COMPLETENESS_TOPIC + value: output_navis + - name: CONTROL_PLANE_PERIOD + value: 10s + - name: ENABLE_TOLERATION + value: "1" + - name: DEFAULT_TOLERATION_KEY + value: dedicated + - name: DEFAULT_TOLERATION_VALUE + value: processing-light + - name: DEFAULT_NODE_SELECTOR_KEY + value: dedicated + - name: DEFAULT_NODE_SELECTOR_VALUE + value: processing-light + + resources: + requests: + cpu: "1" + memory: 1Gi + + imagePullSecrets: + - name: regcred diff --git a/apps/processing/base/frontend-deployment.yaml b/apps/processing/base/frontend-deployment.yaml new file mode 100644 index 0000000..0ec40a1 --- /dev/null +++ b/apps/processing/base/frontend-deployment.yaml 
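Review bot: `WORKFLOWS_SENTRY_DSN` in apps/processing/base/engine.yaml (and in engine-low.yaml) is committed as a literal value including its key part, while every other credential in the file comes from `secretKeyRef`, so anyone who can read the repository can submit events to that Sentry project. Together with `ENVIRONMENT: prod`, a deployment under `yc-k8s-test` would presumably report into the production project. The DSN should move into a Secret and be referenced as below (secret name and key are placeholders), and the existing DSN should be rotated because it remains in history.

```yaml
            - name: WORKFLOWS_SENTRY_DSN
              valueFrom:
                secretKeyRef:
                  name: <sentry-secret-name>  # placeholder
                  key: <dsn-key>  # placeholder
```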
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: processing
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-frontend:wb_ebc15427
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/frontend-service.yaml b/apps/processing/base/frontend-service.yaml
new file mode 100644
index 0000000..024ea55
--- /dev/null
+++ b/apps/processing/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: processing
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/processing/base/kustomization.yaml b/apps/processing/base/kustomization.yaml
new file mode 100644
index 0000000..aeeb0d0
--- /dev/null
+++ b/apps/processing/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: processing
+resources:
+ - namespace.yaml
+ - api-deployment.yaml
+ - engine-low.yaml
+ - engine.yaml
+ - frontend-deployment.yaml
+ - api-service.yaml
+ - frontend-service.yaml
diff --git a/apps/processing/base/namespace.yaml b/apps/processing/base/namespace.yaml
new file mode 100644
index 0000000..2068fd3
--- /dev/null
+++ b/apps/processing/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: processing
+ labels:
+ istio-injection: enabled
diff --git a/apps/processing/yc-k8s-test/kustomization.yaml b/apps/processing/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/processing/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/processing/yc-k8s-test/postgresql.yaml b/apps/processing/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..0483f00
--- /dev/null
+++ b/apps/processing/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,111 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: processing +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: workflow_db 
+ user: workflow + extensions: + - uuid-ossp + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index b48b739..f284992 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -34,4 +34,5 @@ resources: - ../../apps/issues/yc-k8s-test - ../../apps/documentations/yc-k8s-test - ../../apps/bim/yc-k8s-test - - ../../apps/django/yc-k8s-test \ No newline at end of file + - ../../apps/django/yc-k8s-test + - ../../apps/processing/yc-k8s-test \ No newline at end of file From a335de7ba3f29a3586ea6edd46d484026eeeff68 Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 14:51:02 +0500 Subject: [PATCH 7/9] fix --- apps/processing/base/engine.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/processing/base/engine.yaml b/apps/processing/base/engine.yaml index 30d4639..e710cde 100644 --- a/apps/processing/base/engine.yaml +++ b/apps/processing/base/engine.yaml @@ -7,6 +7,8 @@ metadata: labels: app: engine service: engine + +spec: replicas: 1 selector: matchLabels: @@ -30,6 +32,7 @@ metadata: secret: defaultMode: 420 secretName: smtp-secret + containers: - name: engine image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda @@ -39,6 +42,7 @@ metadata: - name: http containerPort: 8000 protocol: TCP + env: - name: POSTGRES_POOL_SIZE value: "20" @@ -237,4 +241,4 @@ metadata: memory: 1Gi imagePullSecrets: - - name: regcred + - name: regcred \ No newline at end of file From 3dd9ec2ff657138e0f58389b788a873b7f297571 Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 14:52:26 +0500 Subject: [PATCH 8/9] fix --- apps/processing/base/engine-low.yaml | 2 -- apps/processing/base/engine.yaml | 2 -- 2 files changed, 4 deletions(-) diff --git a/apps/processing/base/engine-low.yaml b/apps/processing/base/engine-low.yaml index beaf971..7d66b95 100644 
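Review bot: The values in apps/processing/yc-k8s-test/postgresql.yaml switch off two hardening settings without saying why: `allowInsecureImages: true` under `global.security`, and `readOnlyRootFilesystem: false` in the primary's `containerSecurityContext`. If the chart follows the upstream convention, the first flag disables its check on where images come from, presumably because of the private `contour/postgresql` image; a comment stating that, and pinning the image by digest rather than `tag` with `pullPolicy: Always`, would keep the exception narrow. For the second, either name in a comment the path that must be writable, or restore `readOnlyRootFilesystem: true` and give that path an `emptyDir`. The nesting is not recoverable from this view, but the two identical `auth:` blocks look duplicated and one of them is likely ignored.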
--- a/apps/processing/base/engine-low.yaml +++ b/apps/processing/base/engine-low.yaml @@ -173,8 +173,6 @@ spec: value: "1" - name: MEMORY_GI_HIGH_MEM value: "1" - - name: ENABLE_TOLERATION - value: "1" - name: COUNT_RUNNING_WORKERS value: "1" - name: COUNT_CANCELING_WORKERS diff --git a/apps/processing/base/engine.yaml b/apps/processing/base/engine.yaml index e710cde..610263b 100644 --- a/apps/processing/base/engine.yaml +++ b/apps/processing/base/engine.yaml @@ -224,8 +224,6 @@ spec: value: output_navis - name: CONTROL_PLANE_PERIOD value: 10s - - name: ENABLE_TOLERATION - value: "1" - name: DEFAULT_TOLERATION_KEY value: dedicated - name: DEFAULT_TOLERATION_VALUE From f446fb32edd575b15248635db2792d309fdd2383 Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 22 Apr 2026 14:54:54 +0500 Subject: [PATCH 9/9] fix --- apps/processing/base/api-deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/apps/processing/base/api-deployment.yaml b/apps/processing/base/api-deployment.yaml index 4c0fe72..8ac0f41 100644 --- a/apps/processing/base/api-deployment.yaml +++ b/apps/processing/base/api-deployment.yaml @@ -18,8 +18,6 @@ spec: app: workflows-api service: workflows-api spec: - volumes: - defaultMode: 420 containers: - name: workflows-api image: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_9ae8865a