Compare commits


212 Commits

Author SHA1 Message Date
759871c02b Move yc-ecp Gitea and Vault to invest domains 2026-06-02 16:44:18 +03:00
ivan
e9ec58cc73 ++ 2026-06-02 18:33:54 +05:00
86858bd7b4 Add Vault to yc-ecp 2026-06-02 16:14:45 +03:00
a76db8b2da add yc-ecp cluster 2026-06-02 16:07:43 +03:00
ivan
413287f28f ++ 2026-06-02 17:07:57 +05:00
ivan
160c4bcb2a ++ 2026-06-02 17:02:54 +05:00
ivan
a56f259897 ++ 2026-06-02 16:53:06 +05:00
ivan
77c9ed8fc9 ++ 2026-06-02 16:35:33 +05:00
ivan
4444301e27 ++ 2026-06-02 16:23:27 +05:00
ivan
11b5d8193a ++ 2026-06-02 16:11:28 +05:00
ivan
86581360a8 ++ 2026-06-02 16:06:23 +05:00
ivan
2e3d990f2b ++ 2026-06-02 16:03:43 +05:00
ivan
1a217705e9 ++ 2026-06-02 16:03:15 +05:00
ivan
fdb0af9d2f ++ 2026-06-02 16:02:00 +05:00
ivan
0d992920c0 ++ 2026-06-02 16:01:44 +05:00
ivan
57ff62f756 ++ 2026-06-02 15:56:17 +05:00
ivan
8fc7b7ccaa ++ 2026-06-02 15:54:45 +05:00
ivan
b98c1fd98e ++ 2026-06-02 15:54:24 +05:00
ivan
5ceb44e669 ++ 2026-06-02 15:53:17 +05:00
ivan
ac61373be1 ++ 2026-06-02 15:50:56 +05:00
ivan
d00c6a34dd ++ 2026-06-02 15:49:02 +05:00
ivan
26864608c3 ++ 2026-06-02 15:45:12 +05:00
ivan
5e5f060184 ++ 2026-06-02 15:35:55 +05:00
ivan
60909e0e58 ++ 2026-06-02 15:26:32 +05:00
ivan
a4de4c0efc ++ 2026-06-02 15:22:49 +05:00
3265b7fadc add vault to yc-cps-prod 2026-06-02 13:22:18 +03:00
ivan
bea2897c05 ++ 2026-06-02 15:22:02 +05:00
ivan
ba110aa3c7 ++ 2026-06-02 15:20:28 +05:00
ivan
9669510e59 ++ 2026-06-02 15:18:56 +05:00
ivan
7b7383aa82 ++ 2026-06-02 15:18:00 +05:00
78c90f2522 add yc-cps-prod cluster 2026-06-02 13:09:48 +03:00
4b6c5f5d71 Merge branch 'master' of gitlab.sarex.io:infra/iac 2026-06-02 13:09:09 +03:00
f10a13e22d add yc-cps-prod cluster 2026-06-02 13:08:58 +03:00
ivan
b0fc1791ff ++ 2026-06-02 15:08:54 +05:00
ivan
a8e06f6476 ++ 2026-06-02 15:05:22 +05:00
ivan
255d4612eb ++ 2026-06-02 15:04:28 +05:00
ivan
f8d3d3c5ea ++ 2026-06-02 15:01:30 +05:00
ivan
668c07b23f ++ 2026-06-02 14:52:53 +05:00
ivan
835d59ee88 ++ 2026-06-02 14:49:46 +05:00
ivan
5e0f8f103e ++ 2026-06-02 14:45:52 +05:00
ivan
5bb9931a6f ++ 2026-06-02 14:40:12 +05:00
ivan
b33e7fb772 ++ 2026-06-02 14:35:29 +05:00
ivan
9458038c13 ++ 2026-06-02 14:31:14 +05:00
9341eda0c2 Add vault image pull secret for brusnika 2026-06-02 11:30:32 +03:00
13b53bccb7 Add vault to brusnika clusters 2026-06-02 11:23:59 +03:00
9f80a3de58 Fix brusnika-prod flux path and add test-flux service 2026-06-01 18:35:38 +03:00
70f0d7f9bb add brusnika-prod 2026-06-01 17:59:51 +03:00
b29d519854 Add test service in test namespace for brusnika-stage 2026-06-01 16:59:02 +03:00
38bf5c91ca bootstrap brusnika-stage 2026-06-01 16:55:47 +03:00
7dded5aed3 correcto postgresql nodeslector 2026-05-28 23:05:51 +03:00
4a14419756 fix message hub secret 2026-05-28 22:57:46 +03:00
a328912649 Allow postgresql on regular yc-k8s-test-02 nodes 2026-05-28 18:52:10 +03:00
3e3ba52a04 Make auth services wait for postgresql 2026-05-28 18:47:36 +03:00
d2993c5b82 Add postgresql namespace to yc-k8s-test-02 2026-05-28 18:41:49 +03:00
fb0c82dff2 Add postgresql to yc-k8s-test-02 2026-05-28 18:39:15 +03:00
ae99372ecf Add platform services to yc-k8s-test-02 2026-05-28 18:35:00 +03:00
9722733275 fix istio gateway replica values 2026-05-28 17:42:07 +03:00
bd19d33b5a add istio resources 2026-05-28 17:25:11 +03:00
873fe2623e add istio resources 2026-05-28 16:43:56 +03:00
9a4701771e add minio + vault + lpp 2026-05-28 16:12:35 +03:00
Flux
a3aa4d9295 Add Flux sync manifests 2026-05-28 16:06:54 +03:00
Flux
477712075a Add Flux v2.8.5 component manifests 2026-05-28 16:06:49 +03:00
2b18adafa3 test repo sync 2026-05-28 15:49:47 +03:00
b9c5a7e948 Bump WB prometheus stack chart 2026-05-27 17:13:27 +03:00
184f334b24 Move WB node exporter to prometheus stack 2026-05-27 17:03:38 +03:00
90f43ffbc8 Add node label to WB node exporter scrape 2026-05-27 16:32:16 +03:00
7db6aae1d1 change node exporter job name 2026-05-27 14:13:03 +03:00
9bc33566e8 change node exporter job name 2026-05-27 13:51:25 +03:00
186a89ccab add pull secrets to postgres-exporter 2026-05-27 13:27:10 +03:00
b5446f8109 Fix WB exporters and Istio scrape targets 2026-05-27 13:06:17 +03:00
abe9d9c6a6 Scrape WB node exporter through service 2026-05-27 12:27:45 +03:00
9b715d52cc Route WB OTEL traces to OpenObserve 2026-05-27 12:18:56 +03:00
ccc6d5e415 Fix WB Grafana datasource and OpenObserve logs endpoint 2026-05-27 11:53:39 +03:00
c845011dc1 Fix WB VMStack standalone install 2026-05-27 11:38:37 +03:00
172028ba75 Generate WB Grafana admin secret 2026-05-27 11:31:50 +03:00
afd4646137 Add WB Istio routes and OpenObserve log export 2026-05-27 11:30:23 +03:00
a4c7f745c2 Remove GlitchTip from WB cluster 2026-05-27 11:14:44 +03:00
e3ecb05efb Fix Flux helm remediation for monitoring 2026-05-25 17:22:52 +03:00
51c62cbccc Use generated monitoring secrets 2026-05-25 16:33:24 +03:00
2131400030 Remove hardcoded monitoring secrets 2026-05-25 15:10:30 +03:00
9b0ce21088 add moitoring stack 2026-05-25 14:11:33 +03:00
bb6a2e4ef1 Add WB monitoring stack 2026-05-25 13:18:25 +03:00
Flux
3f5fd12152 Add Flux sync manifests 2026-05-25 12:55:29 +03:00
Flux
bbb4ed8146 Add Flux v2.8.8 component manifests 2026-05-25 12:55:21 +03:00
a2b2a3caf7 Use OpenObserve chart with single-node NATS fix 2026-05-21 16:39:00 +03:00
ff7f7d4cd7 Use OpenObserve chart with Vault wrapper 2026-05-21 16:25:22 +03:00
02b314afef Use published observability charts 2026-05-21 16:09:10 +03:00
db766445dd add glitchtip + openobserve 2026-05-21 13:49:50 +03:00
26639b6208 test(db): right-size postgres requests to observed usage 2026-05-21 11:53:50 +03:00
663b06a529 test: reduce business app requests based on current yc-k8s-test usage 2026-05-21 11:46:11 +03:00
9d9de98a1e lower requests 2026-05-21 11:08:01 +03:00
ivan
797502e50f ++ 2026-05-13 18:25:37 +05:00
ivan
691010471b ++ 2026-05-12 15:54:35 +05:00
ivan
28705c7adf ++ 2026-05-12 15:45:12 +05:00
ivan
84c4f2b83b ++ 2026-05-12 15:35:10 +05:00
ivan
d20e616ac6 ++ 2026-05-12 15:35:00 +05:00
ivan
ad0f6ed042 ++ 2026-05-12 15:28:20 +05:00
ivan
23e1924dce ++ 2026-05-12 15:24:02 +05:00
ivan
2759040a63 ++ 2026-05-12 15:21:21 +05:00
ivan
8a0caeb23d ++ 2026-05-12 14:56:33 +05:00
ivan
bb2a427fba ++ 2026-05-12 14:39:00 +05:00
ivan
e5783086e8 ++ 2026-05-12 14:31:31 +05:00
ivan
71d044e3db ++ 2026-05-12 14:26:39 +05:00
ivan
d93bdc89a1 ++ 2026-05-12 14:24:46 +05:00
ivan
bea3567c00 ++ 2026-05-12 14:23:28 +05:00
ivan
ab11edd178 ++ 2026-05-12 14:20:35 +05:00
ivan
b544ba486e ++ 2026-05-12 14:18:33 +05:00
726cd2653c Fix documentations redis namespace 2026-05-12 11:01:30 +03:00
Flux
0a70a8cdd7 Add Flux sync manifests 2026-05-12 10:46:05 +03:00
emelinda
1318889944 Add service-level mermaid diagrams for all business applications under docs/apps folder, illustrating dependencies, namespaces, and inter-service connections 2026-05-08 17:20:45 +03:00
emelinda
57e2867d15 Expand infrastructure diagram in README.md to include detailed business service groups, dependencies, and inter-service connections 2026-05-08 17:03:08 +03:00
emelinda
5903d245d6 Add infrastructure diagram to README.md to illustrate cluster components, dependencies, and service interactions 2026-05-08 16:59:05 +03:00
ivan
4d1eeaf095 ++ 2026-05-07 11:21:23 +05:00
ivan
37f33d6fd0 ++ 2026-05-07 11:15:20 +05:00
ivan
9caf34586a ++ 2026-05-06 20:10:50 +05:00
ivan
e8e4dea2d7 ++ 2026-05-05 12:25:26 +07:00
ivan
f5e6e69cb4 ++ 2026-05-05 12:23:27 +07:00
ivan
c0b1e56513 ++ 2026-05-05 12:20:11 +07:00
ivan
e28de14fec ++ 2026-05-05 12:16:02 +07:00
ivan
990e94cd70 ++ 2026-05-05 12:12:11 +07:00
ivan
cfa5865d29 ++ 2026-05-05 12:09:13 +07:00
ivan
705dbc9094 ++ 2026-05-05 12:04:49 +07:00
ivan
52c5c5f21c ++ 2026-05-04 22:58:04 +07:00
ivan
3a0da6063d ++ 2026-05-04 22:54:33 +07:00
ivan
0a18ce9959 ++ 2026-05-04 22:49:40 +07:00
ivan
6731e3957d ++ 2026-05-04 22:45:45 +07:00
ivan
fdcac593f9 ++ 2026-05-04 22:43:23 +07:00
ivan
49ddad4afb ++ 2026-05-04 22:29:32 +07:00
ivan
7431cb0715 ++ 2026-05-04 22:18:20 +07:00
ivan
73f4ec07c1 ++ 2026-05-04 22:02:14 +07:00
ivan
cf613b0541 ++ 2026-05-04 22:00:25 +07:00
ivan
03ad1066b2 ++ 2026-05-04 21:59:14 +07:00
ivan
d774259f35 ++ 2026-05-04 21:58:40 +07:00
ivan
048749ed2b ++ 2026-05-04 21:54:48 +07:00
ivan
e873cb590e ++ 2026-05-04 21:52:37 +07:00
ivan
3df7f5ce28 ++ 2026-05-04 21:49:01 +07:00
ivan
ddac5858eb ++ 2026-05-04 21:32:49 +07:00
ivan
a5ccef02fc ++ 2026-05-04 20:58:25 +07:00
ivan
be9442c533 ++ 2026-05-04 20:39:08 +07:00
ivan
5ed5f12cc5 ++ 2026-05-04 20:35:00 +07:00
ivan
e542730b56 ++ 2026-05-04 20:30:00 +07:00
ivan
8a529e86c5 ++ 2026-05-04 20:28:06 +07:00
ivan
6a1c6c952a ++ 2026-05-04 20:25:23 +07:00
ivan
485d58b159 ++ 2026-05-04 20:19:16 +07:00
ivan
7209397a54 ++ 2026-05-04 20:18:06 +07:00
ivan
d187981b89 ++ 2026-05-04 20:17:34 +07:00
ivan
3b67767109 ++ 2026-05-04 20:13:32 +07:00
ivan
0e86a19ae3 ++ 2026-05-04 20:13:07 +07:00
ivan
97d3555347 ++ 2026-05-04 20:11:35 +07:00
ivan
940a83c756 ++ 2026-05-04 20:00:52 +07:00
ivan
4db31a4ac2 ++ 2026-05-04 19:54:16 +07:00
ivan
e80e11093d fix 2026-05-04 19:45:20 +07:00
ivan
d813476d85 ++ 2026-04-27 17:30:32 +07:00
434a2e056e fix kafka 2026-04-27 13:11:18 +03:00
ivan
11a88a2f99 ++ 2026-04-27 17:02:39 +07:00
ivan
8227c75d44 ++ 2026-04-27 16:49:53 +07:00
e633df20f6 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-27 12:48:51 +03:00
ivan
2f35b24751 ++ 2026-04-27 16:48:43 +07:00
4ecf8b22c0 message hub + pm 2026-04-27 12:48:39 +03:00
ivan
58cfaff8d6 ++ 2026-04-27 16:41:29 +07:00
ivan
e32b0d91b1 ++ 2026-04-27 16:38:27 +07:00
d96f2a3080 message hub + pm 2026-04-27 12:19:06 +03:00
1ff421d025 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-27 12:14:33 +03:00
41a8b47dd7 message hub + pm 2026-04-27 12:14:21 +03:00
ivan
e696211fc3 ++ 2026-04-27 15:41:26 +07:00
0872219553 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-27 11:40:06 +03:00
dfc79f436c message hub + pm 2026-04-27 11:39:57 +03:00
ivan
f00b551627 ++ 2026-04-27 15:37:21 +07:00
ivan
fcd26833b1 ++ 2026-04-27 15:16:40 +07:00
ivan
4a772356fc ++ 2026-04-27 15:12:21 +07:00
ivan
4bb4859020 ++ 2026-04-27 15:06:44 +07:00
42bdc35434 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-27 11:03:33 +03:00
0d6dd1c1b3 message hub + pm 2026-04-27 11:03:20 +03:00
ivan
1f32c479f2 ++ 2026-04-27 15:03:09 +07:00
ivan
770d4829b6 fix 2026-04-27 14:56:41 +07:00
ivan
c07128556b ++ 2026-04-27 14:50:11 +07:00
ivan
ea053344c0 fix 2026-04-27 14:47:07 +07:00
ivan
833899028c ++ 2026-04-27 14:42:20 +07:00
emelinda
df77d7ed3f Uncomment attachments app in yc-k8s-test kustomization configuration 2026-04-24 18:20:20 +03:00
emelinda
6540febd88 Comment out attachments app in yc-k8s-test kustomization configuration 2026-04-24 18:20:00 +03:00
emelinda
14078fdb5c Uncomment attachments app in yc-k8s-test kustomization configuration 2026-04-24 18:18:43 +03:00
emelinda
bf82f12af6 Comment out attachments app in yc-k8s-test kustomization configuration 2026-04-24 18:17:46 +03:00
emelinda
e37f20dcdc Remove namespace.yaml from attachments kustomization 2026-04-24 18:17:03 +03:00
emelinda
8fd2a859fc Update attachments HelmRelease chart version to 0.1.9 2026-04-24 18:11:54 +03:00
emelinda
98e52a13c5 Uncomment helmrelease.yaml in attachments kustomization 2026-04-24 18:08:13 +03:00
emelinda
ccf4091be7 Clean up attachments kustomization: comment out unused patches and HelmRelease resources 2026-04-24 18:05:00 +03:00
emelinda
315758fa99 Remove outdated comment in attachments HelmRelease configuration 2026-04-24 17:56:56 +03:00
emelinda
ec8b323664 Merge remote-tracking branch 'origin/master' 2026-04-24 17:33:26 +03:00
emelinda
a835c7779a Update attachments app: increase default replica count to 2 2026-04-24 17:33:14 +03:00
6ce34bd126 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-24 17:31:48 +03:00
538663308c checklists 2026-04-24 17:29:36 +03:00
emelinda
fc728939d1 Remove unused ServiceAccount from attachments app and update HelmRelease configuration 2026-04-24 17:26:39 +03:00
emelinda
43d9f13f5b Merge branch 'helm' 2026-04-24 17:24:57 +03:00
emelinda
82c501dc71 Migrate attachments app to HelmRelease: update replicas and kustomization configuration 2026-04-24 17:24:23 +03:00
0cb6221397 checklists 2026-04-24 17:23:40 +03:00
emelinda
bc8698b5db Migrate attachments app to HelmRelease: replace Deployment and Service with HelmRelease and update kustomization configuration. 2026-04-24 17:21:56 +03:00
33401218b3 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-24 17:03:37 +03:00
2611dd396f cde 2026-04-24 17:00:21 +03:00
ivan
55ec116fe2 ++ 2026-04-24 18:48:07 +05:00
48100152f4 cde 2026-04-24 16:40:48 +03:00
949c3dd017 cde 2026-04-24 16:33:07 +03:00
a2bcdfe1b4 cde 2026-04-24 16:29:11 +03:00
722fe996d6 Fix system-log Kafka Vault template newlines 2026-04-24 14:46:29 +03:00
a4f1949193 Enable Kafka in system-log api 2026-04-24 14:45:09 +03:00
f9b7b49482 Set required KAFKA_TOPIC for system-log api 2026-04-24 14:38:07 +03:00
ac8976dcfb Add system-log vault serviceaccount manifest 2026-04-24 14:27:38 +03:00
e924d58d89 Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac 2026-04-24 14:23:04 +03:00
fbb9180fcd system-log 2026-04-24 14:22:48 +03:00
ivan
0e6cae1d30 ++ 2026-04-24 15:56:45 +05:00
ivan
80ba779ab9 ++ 2026-04-24 15:51:27 +05:00
ivan
28f1f4f00e ++ 2026-04-24 15:41:00 +05:00
ivan
bdb5d25220 ++ 2026-04-24 15:37:09 +05:00
350 changed files with 55941 additions and 1794 deletions

344
README.md

@ -1,7 +1,349 @@
# FluxCD v2 Monorepo # FluxCD v2 Monorepooo
Репозиторий Infrastructure as Code, управляемый [FluxCD v2](https://fluxcd.io/) с использованием Kustomize-оверлеев и Helm-релизов. Репозиторий Infrastructure as Code, управляемый [FluxCD v2](https://fluxcd.io/) с использованием Kustomize-оверлеев и Helm-релизов.
## Карта инфраструктуры и межсервисных маршрутов
Диаграмма ниже показывает инфраструктурные компоненты кластера, их зависимости и типовые маршруты вызовов между бизнес-сервисами.
```mermaid
flowchart LR
%% ===== Внешний контур =====
User([👤 Пользователь<br/>Web / Mobile]):::ext
Admin([🛡 Администратор<br/>kubectl / flux]):::ext
LE([🔐 Let's Encrypt<br/>ACME v2]):::ext
GitRepo([📦 Git Repository<br/>FluxCD source]):::ext
OCI([🐳 OCI Registry<br/>cr.yandex]):::ext
%% ===== GitOps =====
subgraph GITOPS["⚙️ GitOps Control Plane"]
direction TB
FluxSource[source-controller]:::flux
FluxKust[kustomize-controller]:::flux
FluxHelm[helm-controller]:::flux
FluxNotif[notification-controller]:::flux
FluxSource --> FluxKust
FluxSource --> FluxHelm
FluxKust --> FluxNotif
FluxHelm --> FluxNotif
end
%% ===== Edge / Service Mesh =====
subgraph EDGE["🌐 Edge & Service Mesh — istio-system"]
direction TB
Gateway["Istio Gateway<br/>:443 / :80<br/>LoadBalancer"]:::mesh
Pilot["istiod / Pilot<br/>xDS :15010/:15012"]:::mesh
Base[Istio Base<br/>CRDs + RBAC]:::mesh
Cert["cert-manager<br/>v1.x"]:::mesh
IssuerProd[ClusterIssuer<br/>letsencrypt-prod]:::mesh
IssuerIstio[ClusterIssuer<br/>letsencrypt-istio]:::mesh
Pilot -->|sidecar inject| Gateway
Base --> Pilot
Cert --> IssuerProd
Cert --> IssuerIstio
IssuerIstio -. TLS cert .-> Gateway
end
%% ===== Платформа =====
subgraph PLATFORM["🛠 Платформа"]
direction TB
Dashboard["K8s Dashboard<br/>UI :8443"]:::platform
LPP["local-path-provisioner<br/>StorageClass: local-path"]:::platform
Vault["HashiCorp Vault<br/>:8200 KV/Transit"]:::platform
S3Proxy["S3 Proxy<br/>S3 API gateway"]:::platform
end
%% ===== Identity =====
subgraph IDENTITY["🪪 Identity & SSO"]
direction TB
Zitadel["Zitadel<br/>OIDC :8080"]:::identity
Keycloak["Keycloak<br/>OIDC/SAML :8080"]:::identity
OpenLDAP["OpenLDAP<br/>:389 / :636"]:::identity
Keycloak -- "LDAP federation" --> OpenLDAP
end
%% ===== Данные =====
subgraph DATA["🗄 Хранилища данных"]
direction TB
PG[("PostgreSQL<br/>:5432<br/>HA primary/replica")]:::data
Redis[("Redis<br/>:6379<br/>cache + pub/sub")]:::data
MinIO[("MinIO<br/>S3 :9000<br/>console :9001")]:::data
end
%% ===== Messaging =====
subgraph MSG["📨 Messaging"]
direction TB
Kafka[["Kafka<br/>:9092 / :9093 SASL<br/>3 brokers"]]:::msg
ZK[["ZooKeeper / KRaft<br/>:2181"]]:::msg
RMQ[["RabbitMQ<br/>:5672 / mgmt :15672"]]:::msg
Kafka --- ZK
end
%% ===== BPM =====
subgraph BPM["🔧 BPM"]
direction TB
Camunda["Camunda Platform<br/>REST :8080 / Tasklist"]:::app
Operate["Camunda Operate<br/>UI :8081"]:::app
end
%% ===== Бизнес-сервисы (каждый в своём namespace) =====
subgraph APPS["💼 Бизнес-сервисы — namespaces"]
direction LR
CI["ns: control-interface"]:::app
Django["ns: django"]:::app
EAV["ns: eav"]:::app
Workspaces["ns: workspaces"]:::app
Projects["ns: projects"]:::app
PM["ns: pm"]:::app
Contracts["ns: contracts"]:::app
Resources["ns: resources"]:::app
Subs["ns: subscriptions"]:::app
SysLog["ns: system-log"]:::app
MsgHub["ns: message-hub"]:::app
FaaS["ns: faas"]:::app
Flows["ns: flows"]:::app
Docs["ns: documentations"]:::app
DocLink["ns: document-link"]:::app
Attach["ns: attachments"]:::app
Transmittal["ns: transmittal"]:::app
CDE["ns: cde"]:::app
Drawings["ns: drawings"]:::app
BIM["ns: bim"]:::app
Stamp["ns: stamp-verification"]:::app
Inspect["ns: inspections"]:::app
Checklists["ns: checklists"]:::app
Remarks["ns: remarks"]:::app
Issues["ns: issues"]:::app
RFI["ns: rfi"]:::app
Reviews["ns: reviews"]:::app
Prescr["ns: prescriptions"]:::app
Compare["ns: comparisons"]:::app
Measure["ns: measurements"]:::app
Mapper["ns: mapper"]:::app
XSection["ns: cross-section"]:::app
Process["ns: processing"]:::app
Notes["ns: notes"]:::app
end
%% ===== GitOps потоки =====
Admin ==>|git push| GitRepo
GitRepo ==>|pull/poll| FluxSource
OCI ==>|OCI charts| FluxSource
FluxKust ==>|apply manifests| EDGE
FluxKust ==>|apply manifests| PLATFORM
FluxKust ==>|apply manifests| IDENTITY
FluxHelm ==>|HelmRelease| DATA
FluxHelm ==>|HelmRelease| MSG
FluxHelm ==>|HelmRelease| BPM
FluxHelm ==>|HelmRelease| APPS
%% ===== Внешний трафик =====
User ==>|HTTPS 443| Gateway
LE -. ACME HTTP-01 .-> Cert
Gateway ==>|VirtualService<br/>mTLS| CI
Gateway ==>|/api| Django
Gateway ==>|/bim| BIM
Gateway ==>|/cde| CDE
Gateway ==>|/docs| Docs
Gateway ==>|/pm| PM
Gateway ==>|VirtualService| Camunda
Gateway ==>|VirtualService| Operate
Gateway ==>|/auth| Keycloak
Gateway ==>|/oauth| Zitadel
Gateway ==>|/dashboard| Dashboard
Gateway ==>|/minio| MinIO
Admin -.->|kubectl| Dashboard
%% ===== Frontend → backend (через control-interface) =====
CI -- "API gateway" --> Django
CI -- "API gateway" --> PM
CI -- "API gateway" --> Projects
CI -- "API gateway" --> Workspaces
%% ===== Подключения к данным =====
Django -- "JDBC/ORM" --> PG
EAV -- "JDBC" --> PG
PM -- "JDBC" --> PG
Contracts -- "JDBC" --> PG
Resources -- "JDBC" --> PG
Projects -- "JDBC" --> PG
Workspaces -- "JDBC" --> PG
Subs -- "JDBC" --> PG
SysLog -- "JDBC" --> PG
Docs -- "JDBC" --> PG
DocLink -- "JDBC" --> PG
CDE -- "JDBC" --> PG
BIM -- "JDBC" --> PG
Drawings -- "JDBC" --> PG
Inspect -- "JDBC" --> PG
Checklists -- "JDBC" --> PG
Issues -- "JDBC" --> PG
Remarks -- "JDBC" --> PG
RFI -- "JDBC" --> PG
Reviews -- "JDBC" --> PG
Prescr -- "JDBC" --> PG
Compare -- "JDBC" --> PG
Measure -- "JDBC" --> PG
Mapper -- "JDBC" --> PG
XSection -- "JDBC" --> PG
Notes -- "JDBC" --> PG
Stamp -- "JDBC" --> PG
Transmittal -- "JDBC" --> PG
Camunda -- "JDBC" --> PG
Operate -- "JDBC" --> PG
Zitadel -- "JDBC" --> PG
Keycloak -- "JDBC" --> PG
%% ===== Redis (общий кэш / sessions) =====
Django -- "session/cache" --> Redis
CI -- "session" --> Redis
PM -- "cache" --> Redis
Workspaces -- "cache" --> Redis
Subs -- "pub/sub realtime" --> Redis
MsgHub -- "pub/sub" --> Redis
Flows -- "state" --> Redis
FaaS -- "queue" --> Redis
Camunda -- "cache" --> Redis
Keycloak -- "session" --> Redis
%% ===== S3 / объектное хранилище =====
Attach -- "PUT/GET" --> S3Proxy
Docs -- "filestream" --> S3Proxy
BIM -- "IFC/RVT" --> S3Proxy
Drawings -- "DWG/PDF" --> S3Proxy
CDE -- "files" --> S3Proxy
Compare -- "rendered diff" --> S3Proxy
Stamp -- "signed PDF" --> S3Proxy
Transmittal -- "bundles" --> S3Proxy
Process -- "raw + результаты" --> S3Proxy
Mapper -- "tiles" --> S3Proxy
Measure -- "snapshots" --> S3Proxy
XSection -- "профили" --> S3Proxy
S3Proxy -- "S3 API" --> MinIO
%% ===== Vault (secrets) =====
Django -. "kv" .-> Vault
Camunda -. "approle" .-> Vault
Keycloak -. "kv" .-> Vault
Zitadel -. "kv" .-> Vault
FaaS -. "approle" .-> Vault
Flows -. "approle" .-> Vault
%% ===== Storage / PVC =====
PG -.->|PVC| LPP
Redis -.->|PVC| LPP
Kafka -.->|PVC| LPP
ZK -.->|PVC| LPP
RMQ -.->|PVC| LPP
MinIO -.->|PVC| LPP
Vault -.->|PVC| LPP
%% ===== Kafka (event bus) =====
SysLog -- "consume audit.*" --> Kafka
MsgHub -- "produce notify.*" --> Kafka
Subs -- "consume notify.*" --> Kafka
Flows -- "produce/consume flows.*" --> Kafka
Camunda -- "produce bpm.events" --> Kafka
Operate -- "consume zeebe-records" --> Kafka
BIM -- "produce bim.processed" --> Kafka
Drawings -- "produce drawings.uploaded" --> Kafka
Process -- "consume processing.jobs" --> Kafka
Compare -- "consume drawings.uploaded" --> Kafka
Inspect -- "produce inspect.events" --> Kafka
Issues -- "consume inspect.events" --> Kafka
Remarks -- "produce remarks.events" --> Kafka
Reviews -- "consume remarks.events" --> Kafka
%% ===== RabbitMQ (work queues) =====
FaaS -- "consume tasks.*" --> RMQ
Flows -- "publish tasks.*" --> RMQ
Process -- "publish jobs" --> RMQ
Mapper -- "consume tile.jobs" --> RMQ
XSection -- "consume xs.jobs" --> RMQ
Stamp -- "consume sign.jobs" --> RMQ
Camunda -- "consume bpm.tasks" --> RMQ
%% ===== Межсервисные REST маршруты =====
PM -- "REST" --> Projects
PM -- "REST" --> Contracts
PM -- "REST" --> Resources
Projects -- "REST" --> Workspaces
Contracts -- "REST" --> Resources
Inspect -- "REST" --> Checklists
Inspect -- "REST" --> Issues
Issues -- "REST" --> Remarks
Reviews -- "REST" --> RFI
Reviews -- "REST" --> Prescr
RFI -- "REST" --> DocLink
DocLink --> Docs
DocLink --> CDE
CDE -- "REST" --> Docs
CDE -- "REST" --> Drawings
CDE -- "REST" --> BIM
Transmittal -- "REST" --> CDE
Transmittal -- "REST" --> Docs
Drawings -- "REST" --> Compare
Drawings -- "REST" --> Stamp
Measure -- "REST" --> Mapper
Mapper -- "REST" --> XSection
XSection --> Process
BIM -- "REST" --> Process
Notes -- "REST" --> DocLink
Flows -- "trigger" --> FaaS
Flows -- "start" --> Camunda
Camunda -- "callback" --> Flows
EAV -- "schemas" --> Django
MsgHub -- "deliver email/push" --> Subs
%% ===== AuthN / AuthZ =====
Django -. "OIDC validate" .-> Keycloak
CI -. "OIDC login" .-> Keycloak
PM -. "JWT" .-> Keycloak
Camunda -. "JWT" .-> Zitadel
Operate -. "OIDC" .-> Zitadel
Dashboard -. "OIDC" .-> Keycloak
BIM -. "JWT" .-> Keycloak
CDE -. "JWT" .-> Keycloak
Docs -. "JWT" .-> Keycloak
%% ===== Service mesh sidecar metrics =====
CI -. "envoy" .-> Pilot
Django -. "envoy" .-> Pilot
Camunda -. "envoy" .-> Pilot
BIM -. "envoy" .-> Pilot
Flows -. "envoy" .-> Pilot
%% ===== Стили =====
classDef ext fill:#1f2937,stroke:#9ca3af,stroke-width:2px,color:#f9fafb
classDef flux fill:#6366f1,stroke:#3730a3,stroke-width:2px,color:#fff
classDef mesh fill:#7c3aed,stroke:#4c1d95,stroke-width:2px,color:#fff
classDef platform fill:#0ea5e9,stroke:#075985,stroke-width:2px,color:#fff
classDef identity fill:#f59e0b,stroke:#92400e,stroke-width:2px,color:#fff
classDef data fill:#10b981,stroke:#065f46,stroke-width:2px,color:#fff
classDef msg fill:#ef4444,stroke:#991b1b,stroke-width:2px,color:#fff
classDef app fill:#ec4899,stroke:#9d174d,stroke-width:2px,color:#fff
style GITOPS fill:#e0e7ff,stroke:#6366f1,stroke-width:2px
style EDGE fill:#ede9fe,stroke:#7c3aed,stroke-width:2px
style PLATFORM fill:#e0f2fe,stroke:#0ea5e9,stroke-width:2px
style IDENTITY fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
style DATA fill:#d1fae5,stroke:#10b981,stroke-width:2px
style MSG fill:#fee2e2,stroke:#ef4444,stroke-width:2px
style BPM fill:#fce7f3,stroke:#ec4899,stroke-width:2px
style APPS fill:#fce7f3,stroke:#ec4899,stroke-width:2px
```
📂 **Подробные диаграммы по каждому бизнес-сервису:** [`docs/apps/`](./docs/apps/README.md)
**Легенда:**
- 🟪 **Edge / Mesh** — терминация TLS, маршрутизация и mTLS между сервисами (Istio + cert-manager)
- 🟦 **Платформа** — служебные компоненты (storage, secrets, S3 proxy, dashboard)
- 🟧 **Identity** — единый вход и федерация пользователей (Zitadel, Keycloak, OpenLDAP)
- 🟩 **Данные** — постоянные хранилища (PostgreSQL, Redis, MinIO)
- 🟥 **Messaging** — асинхронный обмен (Kafka, RabbitMQ)
- 🟪 **Бизнес-сервисы** — прикладная логика (Camunda, бизнес-приложения)
## Структура репозитория ## Структура репозитория
``` ```


@ -1,70 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: attachments
namespace: attachments
labels:
app: attachments
spec:
replicas: 1
selector:
matchLabels:
app: attachments
template:
metadata:
labels:
app: attachments
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: attachments
vault.hashicorp.com/agent-inject-secret-attachments-db: secrets/data/postgresql/apps/attachments
vault.hashicorp.com/agent-inject-template-attachments-db: |-
{{- with secret "secrets/data/postgresql/apps/attachments" -}}
DATABASE_HOST=postgresql.attachments.svc.cluster.local
DATABASE_PORT=5432
DATABASE_NAME=attachments_db
DATABASE_USER={{ index .Data.data "username" }}
DATABASE_PASSWORD={{ index .Data.data "password" }}
DATABASE_SSL_MODE=disable
{{- end -}}
vault.hashicorp.com/agent-inject-secret-attachments-s3: secrets/data/minio/apps/attachments
vault.hashicorp.com/agent-inject-template-attachments-s3: |-
{{- with secret "secrets/data/minio/apps/attachments" -}}
YANDEX_S3_ENDPOINT_URL=minio.minio:9000
YANDEX_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
YANDEX_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
YANDEX_S3_USE_SSL=false
YANDEX_S3_REGION=ru-central
YANDEX_S3_VERIFY=false
BUCKET_NAME=attachments
{{- end -}}
spec:
serviceAccountName: attachments-vault
containers:
- name: attachments
image: cr.yandex/crp3ccidau046kdj8g9q/attachments:feature_6238c882
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-ec"]
args:
- |
set -a
[ -f /vault/secrets/attachments-db ] && . /vault/secrets/attachments-db
[ -f /vault/secrets/attachments-s3 ] && . /vault/secrets/attachments-s3
set +a
exec /opt/attachments/entrypoint.sh
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: POSTGRES_POOL_SIZE
value: "10"
- name: API_ADDRESS
value: 0.0.0.0:8000
imagePullSecrets:
- name: regcred


@ -0,0 +1,110 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: attachments
namespace: attachments
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.9"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
attachments:
enabled: true
serviceAccount:
enabled:
_default: true
name:
_default: attachments-vault
deployment:
enabled: true
name:
_default: attachments
replicaCount:
_default: 1
port:
_default: 8000
command:
_default: ["/bin/bash", "-ec"]
args:
_default:
- |
set -a
[ -f /vault/secrets/attachments-db ] && . /vault/secrets/attachments-db
[ -f /vault/secrets/attachments-s3 ] && . /vault/secrets/attachments-s3
set +a
exec /opt/attachments/entrypoint.sh
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/attachments:feature_6238c882
pullPolicy:
_default: IfNotPresent
service:
enabled: true
name:
_default: attachments-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
envs:
- name: POSTGRES_POOL_SIZE
value:
_default: "10"
- name: API_ADDRESS
value:
_default: 0.0.0.0:8000
podAnnotations:
_default:
traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411,8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: attachments
vault.hashicorp.com/agent-inject-secret-attachments-db: secrets/data/postgresql/apps/attachments
vault.hashicorp.com/agent-inject-template-attachments-db: |-
{{- with secret "secrets/data/postgresql/apps/attachments" -}}
DATABASE_HOST=postgresql.attachments.svc.cluster.local
DATABASE_PORT=5432
DATABASE_NAME=attachments_db
DATABASE_USER={{ index .Data.data "username" }}
DATABASE_PASSWORD={{ index .Data.data "password" }}
DATABASE_SSL_MODE=disable
{{- end -}}
vault.hashicorp.com/agent-inject-secret-attachments-s3: secrets/data/minio/apps/attachments
vault.hashicorp.com/agent-inject-template-attachments-s3: |-
{{- with secret "secrets/data/minio/apps/attachments" -}}
YANDEX_S3_ENDPOINT_URL=minio.minio:9000
YANDEX_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
YANDEX_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
YANDEX_S3_USE_SSL=false
YANDEX_S3_REGION=ru-central
YANDEX_S3_VERIFY=false
BUCKET_NAME=attachments
{{- end -}}
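Review bot: The rendered env files turn transport security off for both backends: `DATABASE_SSL_MODE=disable` in the attachments-db template, and `YANDEX_S3_USE_SSL=false` with `YANDEX_S3_VERIFY=false` in the attachments-s3 template. The Vault-issued PostgreSQL and MinIO credentials are then protected in transit only if Istio mTLS covers those connections, which this file does not show. The `traffic.sidecar.istio.io/excludeOutboundPorts` value is now "4317,4318,9411,8200", so traffic on those ports leaves the pod outside the sidecar and outside mesh policy. I would either enable TLS to PostgreSQL and MinIO or say in a comment that mesh mTLS is the intended control, and add above the annotation something like `# 8200: presumably Vault agent init before the sidecar is ready; 4317/4318/9411: telemetry export - confirm each is still needed`.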


@ -3,7 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: attachments namespace: attachments
resources: resources:
- namespace.yaml - helmrelease.yaml
- serviceaccount.yaml
- deployment.yaml
- service.yaml
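Review bot: `namespace.yaml` is dropped from `resources` while the Kustomization still sets `namespace: attachments` and the new HelmRelease is created in that namespace, so something else must now own the Namespace object. If the Flux Kustomization that applies this directory prunes removed resources (not visible here), the Namespace and everything in it could be deleted on reconcile. Any labels the old manifest carried, such as Istio sidecar injection, would go with it. I would either keep `- namespace.yaml` in the list or add a comment naming the new owner, e.g. `# Namespace is managed in <path-to-namespace-manifest>`.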


@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: attachments-vault
namespace: attachments


@ -4,8 +4,8 @@ kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml - postgresql.yaml
patches: patches: []
- path: replicas.yaml # - path: replicas.yaml
target: # target:
kind: Deployment # kind: HelmRelease
name: attachments # name: attachments
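Review bot: With `patches: []` and the `replicas.yaml` entry commented out, the overlay no longer applies any replica override. A later section of this compare still rewrites what looks like that same file into a HelmRelease patch setting `replicaCount._default: 2`, so that file appears to be dead and the overlay would run with the base value of 1. Either restore the entry as `- path: replicas.yaml` with `target:` `kind: HelmRelease`, `name: attachments`, or delete both the commented block and the unused patch file. Leaving commented-out configuration in place makes the intended replica count hard to tell from the manifest.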


@ -89,6 +89,10 @@ spec:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 6 failureThreshold: 6
resources:
requests:
cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:
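Review bot: The added `resources` block sets only `requests` (`cpu: 50m`, `memory: 128Mi`) and no `limits`, on a workload pinned to `dedicated: db` nodes. With a small request and no memory limit, the scheduler can pack many such instances onto one node, and a single one can grow until the node is under memory pressure, where pods running above their request are the first to be evicted. A later hunk with the same shape lowers `memory: 512Mi` to `128Mi`, and the same point applies there. I would add a `limits:` entry with a `memory` value sized from the observed peak, and a comment recording where the 128Mi figure came from. The container spec starts outside the hunk.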


@ -1,8 +1,13 @@
--- ---
apiVersion: apps/v1 apiVersion: helm.toolkit.fluxcd.io/v2
kind: Deployment kind: HelmRelease
metadata: metadata:
name: attachments name: attachments
namespace: attachments namespace: attachments
spec: spec:
replicas: 1 values:
services:
attachments:
deployment:
replicaCount:
_default: 2


@ -50,7 +50,7 @@ spec:
serviceAccountName: bim-vault serviceAccountName: bim-vault
containers: containers:
- name: backend - name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/bim-backend-v2:donstroi1 image: cr.yandex/crp3ccidau046kdj8g9q/bim-api:contour_3d704fef
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-ec"] command: ["/bin/sh", "-ec"]
args: args:
@ -58,7 +58,7 @@ spec:
set -a set -a
[ -f /vault/secrets/bim-postgresql ] && . /vault/secrets/bim-postgresql [ -f /vault/secrets/bim-postgresql ] && . /vault/secrets/bim-postgresql
set +a set +a
exec ./entrypoint.sh exec ./httpserver
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -88,7 +88,7 @@ spec:
value: "0" value: "0"
resources: resources:
requests: requests:
cpu: 100m cpu: 25m
memory: 100Mi memory: 100Mi
livenessProbe: livenessProbe:
httpGet: httpGet:
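Review bot: The new image reference `cr.yandex/crp3ccidau046kdj8g9q/bim-api:contour_3d704fef` is a tag, and with `imagePullPolicy: IfNotPresent` a node that has already cached that tag keeps running whatever it pulled first. If the tag is re-pushed, different nodes can run different code, and the manifest does not record which content was reviewed. Pinning by digest makes the deployed artifact immutable: `image: cr.yandex/crp3ccidau046kdj8g9q/bim-api@sha256:<digest-of-reviewed-image>`. The entrypoint also changes from `./entrypoint.sh` to `./httpserver`; if the old script performed setup such as migrations (not visible here), that step needs a new home. The container spec starts and ends outside these hunks.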


@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: backend-service name: backend-svc
namespace: bim namespace: bim
spec: spec:
type: ClusterIP type: ClusterIP
@ -10,6 +10,6 @@ spec:
app: backend app: backend
ports: ports:
- name: http - name: http
port: 8000 port: 80
targetPort: 8000 targetPort: 8000
protocol: TCP protocol: TCP
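Review bot: Renaming the Service to `backend-svc` and moving its port from 8000 to 80 changes the in-cluster address that clients and mesh policy refer to. Any VirtualService, DestinationRule, AuthorizationPolicy or client configuration that still names `backend-service` or port 8000 will stop routing or stop matching, and none of those objects are visible in this section. Before merging, check that those references are updated in the same change, and consider a comment on the port such as `# exposed on 80; container still listens on 8000 (targetPort)`.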


@ -92,7 +92,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-flowscallback app: cde-flowscallback
service: cde-flowscallback service: cde-flowscallback
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-flowscallback - name: cde-flowscallback
image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_3.1.2 image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
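Review bot: The `cde-env` template wraps each secret value with Go's `%q`, which yields a double-quoted literal, and bash still expands `$` and backticks inside double quotes when the container runs `source /vault/secrets/cde-env`. A value containing those characters is therefore altered or evaluated as a command substitution, and the surrounding `$(printf '%b' …)` additionally rewrites backslash sequences and drops trailing newlines. Emitting the value single-quoted keeps it literal, for example `export {{ $k }}='{{ printf "%v" $v | replaceAll "'" "'\\''" }}'` (consul-template's `replaceAll`; worth checking against the Vault Agent version in use). The same template is repeated in the cde-splitpdf, cde-worker-copy, cde-worker-create-versions, cde-worker-markings, cde-worker-sign, cde-worker-update-bundles and cde sections below. The key `$k` is also written unvalidated, so key names under `secrets/data/vault/apps/cde` should be restricted to shell identifier characters.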


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-splitpdf app: cde-splitpdf
service: cde-splitpdf service: cde-splitpdf
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-splitpdf - name: cde-splitpdf
image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_3.1.2 image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-worker-copy app: cde-worker-copy
service: cde-worker-copy service: cde-worker-copy
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-copy - name: cde-worker-copy
image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:preprod_fd483601 image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-worker-create-versions app: cde-worker-create-versions
service: cde-worker-create-versions service: cde-worker-create-versions
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-create-versions - name: cde-worker-create-versions
image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:preprod_ec474ae7 image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-worker-markings app: cde-worker-markings
service: cde-worker-markings service: cde-worker-markings
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-markings - name: cde-worker-markings
image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:preprod_eb50f30e image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-worker-sign app: cde-worker-sign
service: cde-worker-sign service: cde-worker-sign
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-sign - name: cde-worker-sign
image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:preprod_fd483601 image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde-worker-update-bundles app: cde-worker-update-bundles
service: cde-worker-update-bundles service: cde-worker-update-bundles
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-update-bundles - name: cde-worker-update-bundles
image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_3.1.2 image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /worker
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -17,11 +17,34 @@ spec:
labels: labels:
app: cde app: cde
service: cde service: cde
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
export {{ $k }}=$(printf '%b' {{ printf "%q" (printf "%v" $v) }})
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: api - name: api
image: cr.yandex/crp3ccidau046kdj8g9q/cde:preprod_ec474ae7 image: cr.yandex/crp3ccidau046kdj8g9q/cde:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -lc
args:
- |
set -e
source /vault/secrets/cde-env
exec /http
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -29,12 +52,9 @@ spec:
env: env:
- name: S3_IS_CONTOUR - name: S3_IS_CONTOUR
value: "true" value: "true"
envFrom:
- secretRef:
name: cde-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -4,6 +4,7 @@ kind: Kustomization
namespace: cde namespace: cde
resources: resources:
- namespace.yaml - namespace.yaml
- serviceaccount.yaml
- cde.yaml - cde.yaml
- cde-splitpdf.yaml - cde-splitpdf.yaml
- backend-service.yaml - backend-service.yaml


@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: cde-vault
namespace: cde
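Review bot: A single `cde-vault` ServiceAccount is used by all eight cde Deployments in this comparison, each with `vault.hashicorp.com/role: cde` and the same `secrets/data/vault/apps/cde` path, so every worker receives every key stored there. If the workers need different subsets of those keys, a ServiceAccount and Vault role per workload with narrower paths would limit what a single compromised pod exposes. The Vault role's bound service account names and namespaces are not visible on this page and should be checked to list only `cde-vault` in `cde`.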


@ -17,11 +17,41 @@ spec:
labels: labels:
app: checklists-backend app: checklists-backend
service: checklists-backend service: checklists-backend
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: checklists
vault.hashicorp.com/agent-inject-secret-checklists-db: secrets/data/postgresql/apps/checklists
vault.hashicorp.com/agent-inject-template-checklists-db: |-
{{- with secret "secrets/data/postgresql/apps/checklists" -}}
DATABASE_HOST=postgresql.checklists.svc.cluster.local
DATABASE_PORT=5432
DATABASE_NAME=checklists_db
DATABASE_USER={{ index .Data.data "username" }}
DATABASE_PASSWORD={{ index .Data.data "password" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-checklists-jwt-public: secrets/data/vault/common/rsa_keys
vault.hashicorp.com/agent-inject-template-checklists-jwt-public: |-
{{- with secret "secrets/data/vault/common/rsa_keys" -}}
{{ index .Data.data "public_key" }}
{{- end -}}
spec: spec:
serviceAccountName: checklists-vault
containers: containers:
- name: api - name: api
image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-ec"]
args:
- |
set -a
[ -f /vault/secrets/checklists-db ] && . /vault/secrets/checklists-db
[ -f /vault/secrets/checklists-jwt-public ] && export JWT_AUTH_PUBLIC_KEY="$(cat /vault/secrets/checklists-jwt-public)"
set +a
exec ./entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -34,47 +64,17 @@ spec:
- name: HTTP_APP_ROOT_PATH - name: HTTP_APP_ROOT_PATH
value: /checklists value: /checklists
- name: HTTP_APP_WORKERS - name: HTTP_APP_WORKERS
value: "8" value: "1"
- name: HTTP_APP_ADMIN_ENABLE - name: HTTP_APP_ADMIN_ENABLE
value: "true" value: "true"
- name: JWT_AUTH_ENABLE - name: JWT_AUTH_ENABLE
value: "true" value: "true"
- name: DEBUG - name: DEBUG
value: "false" value: "false"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: JWT_AUTH_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: public-key
name: jwt-secret
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
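Review bot: The `checklists-db` template writes `DATABASE_USER` and `DATABASE_PASSWORD` unquoted, and the container then loads the file with `. /vault/secrets/checklists-db`, so bash parses each value as shell syntax. A password containing a space, `#`, `;`, `$` or a quote is truncated, expanded or run as a command instead of being assigned. Single-quoting the rendered value with embedded quotes escaped, e.g. `DATABASE_PASSWORD='{{ index .Data.data "password" | replaceAll "'" "'\\''" }}'`, keeps it literal (check `replaceAll` against the Vault Agent version in use). Separately, the `[ -f … ] &&` guards let the container reach `exec ./entrypoint.sh` without credentials if injection did not produce the file; failing fast there would make a broken Vault role visible at startup.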


@ -3,11 +3,11 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: rfi-backend-api-svc name: rfi-backend-api-svc
namespace: rfi namespace: checklists
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app: rfi-backend-api app: checklists-backend
ports: ports:
- name: http - name: http
port: 80 port: 80
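Review bot: The Service now selects `app: checklists-backend` in namespace `checklists` but keeps the name `rfi-backend-api-svc`, which looks like a leftover from the manifest it was copied from. The name misleads the next reader about which backend receives the traffic, and it makes routing or policy rules written against service names harder to audit. Renaming it to something like `name: checklists-backend-svc` would match the selector, provided any routes referencing the old name (not visible here) are updated in the same change.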


@ -4,5 +4,6 @@ kind: Kustomization
namespace: checklists namespace: checklists
resources: resources:
- namespace.yaml - namespace.yaml
- serviceaccount.yaml
- backend-deployment.yaml - backend-deployment.yaml
- backend-service.yaml - backend-service.yaml


@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: checklists-vault
namespace: checklists


@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: postgresql-contour chart: postgresql-contour
version: "17.0.2" version: "17.0.7"
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: yc-oci-charts name: yc-oci-charts
@ -44,7 +44,7 @@ spec:
image: image:
registry: cr.yandex/crp3ccidau046kdj8g9q registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql repository: contour/postgresql
tag: 17.0.2 tag: 17.0.7
pullPolicy: Always pullPolicy: Always
metrics: metrics:
enabled: false enabled: false
@ -61,7 +61,7 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 5 timeoutSeconds: 5
@ -72,7 +72,7 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 5 timeoutSeconds: 5
@ -83,12 +83,16 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 6 failureThreshold: 6
resources:
requests:
cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:
@ -98,12 +102,19 @@ spec:
effect: NoSchedule effect: NoSchedule
contour: contour:
enabled: true enabled: true
adminUser: "" adminUser: "postgres"
adminPasswordSecretKey: "" sharedPreloadLibraries: "pg_stat_statements,uuid-ossp"
sharedPreloadLibraries: "pg_stat_statements" vault:
enabled: true
role: postgresql
authPath: auth/kubernetes
secretPath: secrets/data/postgresql/admin
secretKey: postgres-password
usersSecretPath: secrets/data/postgresql/users
databases: databases:
- name: checklists_db - name: checklists_db
user: checklists user: checklists
passwordKey: checklists
extensions: [] extensions: []
restoreFromDump: false restoreFromDump: false
s3-proxy: s3-proxy:
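Review bot: The new `contour.vault` block reads the superuser password from `secrets/data/postgresql/admin` through the Vault role `postgresql`, and which service accounts are bound to that role is not visible here. It should be limited to this chart's own service account so that application pods cannot read the admin entry or `usersSecretPath`. Also, `uuid-ossp` is an extension that is normally enabled per database with `CREATE EXTENSION` rather than preloaded. If the chart passes `sharedPreloadLibraries` straight to `shared_preload_libraries`, consider `extensions: ["uuid-ossp"]` on `checklists_db` instead, assuming the chart's `extensions` list works that way.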


@ -111,7 +111,7 @@ spec:
value: /etc/app/tasks-execution-config.json value: /etc/app/tasks-execution-config.json
resources: resources:
requests: requests:
cpu: 100m cpu: 25m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:
- name: tasks-execution-config - name: tasks-execution-config


@ -0,0 +1,57 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: comparisons
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
volumes:
- name: nginx-configmap
configMap:
name: nginx-configmap
items:
- key: nginx.conf
path: nginx.conf
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/comparisons-frontend:prod_6dc6e0c2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
volumeMounts:
- name: nginx-configmap
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
livenessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 20
imagePullSecrets:
- name: regcred
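Review bot: The new `frontend` pod spec sets no `securityContext` and leaves the service account token mounted, although a static nginx frontend has no visible need to call the Kubernetes API. Adding `automountServiceAccountToken: false` under the pod `spec` and `securityContext: {allowPrivilegeEscalation: false}` on the container tightens both defaults without changing how nginx binds port 80. Only `requests` are set under `resources`, so a memory entry under `limits` would also bound the pod. The `cross-section-static` Deployment added later in this comparison has the same shape and the same gaps.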


@ -1,112 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: comparisons-frontend
namespace: comparisons
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
port:
_default: 80
resources:
requests:
memory:
_default: 100Mi
cpu:
_default: 100m
probes:
liveness:
enabled:
_default: true
type:
_default: httpGet
httpGet:
path:
_default: /ping
port:
_default: 80
initialDelaySeconds:
_default: 10
periodSeconds:
_default: 10
failureThreshold:
_default: 10
readiness:
enabled:
_default: true
type:
_default: httpGet
httpGet:
path:
_default: /ping
port:
_default: 80
initialDelaySeconds:
_default: 10
periodSeconds:
_default: 10
failureThreshold:
_default: 20
volumes:
_default:
- name: nginx-configmap
mountPath:
_default: /etc/nginx/nginx.conf
subPath:
_default: nginx.conf
configMap:
name:
_default: nginx-configmap
items:
- key: nginx.conf
path:
_default: nginx.conf
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/comparisons-frontend:prod_6dc6e0c2
pullPolicy:
_default: IfNotPresent
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: comparisons
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -7,6 +7,7 @@ resources:
- serviceaccount.yaml - serviceaccount.yaml
- backend-deployment.yaml - backend-deployment.yaml
- backend-service.yaml - backend-service.yaml
- frontend-helmrelease.yaml - frontend-deployment.yaml
- frontend-service.yaml
- nginx-configmap.yaml - nginx-configmap.yaml
- tasks-execution-config.yaml - tasks-execution-config.yaml


@ -91,7 +91,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -58,7 +58,8 @@ spec:
size: 20Gi size: 20Gi
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
customLivenessProbe: customLivenessProbe:
exec: exec:
command: command:


@ -2,13 +2,13 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: srx-admin-svc name: frontend-svc
namespace: control-interface namespace: control-interface
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app: srx-admin app: srx-admin
ports: ports:
- port: 8080 - port: 80
targetPort: 80 targetPort: 80
protocol: TCP protocol: TCP


@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: document-link-frontend name: srx-admin
namespace: document-link namespace: django
spec: spec:
interval: 10m interval: 10m
chart: chart:
spec: spec:
chart: universal-chart chart: universal-chart
@ -15,51 +16,77 @@ spec:
name: yc-oci-charts name: yc-oci-charts
namespace: flux-system namespace: flux-system
interval: 10m interval: 10m
install: install:
remediation: remediation:
retries: 3 retries: 3
upgrade: upgrade:
remediation: remediation:
retries: 3 retries: 3
values: values:
global: global:
env: _default env: _default
services: services:
frontend: frontend:
enabled: true enabled: true
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
port:
_default: 80
resources:
requests:
memory:
_default: 100Mi
cpu:
_default: 100m
image: image:
name: name:
_default: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:wb_cb2027ce _default: cr.yandex/crp3ccidau046kdj8g9q/srx-admin:prod_feb59026
pullPolicy: pullPolicy:
_default: IfNotPresent _default: IfNotPresent
service:
deployment:
enabled: true enabled: true
name: name:
_default: frontend-service _default: srx-admin
type:
_default: ClusterIP replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port: port:
_default: 80 _default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: srx-admin-svc
type:
_default: ClusterIP
port:
_default: 8080
targetPort: targetPort:
_default: 80 _default: 80
portName: portName:
_default: http _default: http
imagePullSecrets: imagePullSecrets:
enabled: enabled:
_default: true _default: true
name: name:
_default: regcred _default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""
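Review bot: The values for `srx-admin` appear to set `probes.liveness.enabled: false` and `probes.readiness.enabled: false`, although the side-by-side rendering leaves the old/new side of these lines uncertain. If they are on the new side, the Service sends traffic to a pod as soon as the container starts and a hung process is never restarted, while `replicaCount` asks for 3 replicas in `preprod` and `production`. The other frontends in this comparison probe `/ping` on port 80, so enabling the same `httpGet` probe here would keep them consistent, if the `srx-admin` image serves that path. The metadata namespace `django` also differs from the `control-interface` namespace of the Service selecting `app: srx-admin` in the previous section, which is worth confirming.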


@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: django
resources:
- helmrelease.yaml


@ -0,0 +1,46 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cross-section-static
namespace: cross-section
labels:
app: cross-section-static
spec:
replicas: 2
selector:
matchLabels:
app: cross-section-static
template:
metadata:
labels:
app: cross-section-static
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/cross-section-app:production_e09e648b
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 20
resources:
requests:
cpu: 25m
memory: 100Mi
imagePullSecrets:
- name: regcred


@ -1,98 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cross-section-frontend
namespace: cross-section
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
static:
enabled: true
deployment:
enabled: true
name:
_default: cross-section-static
replicaCount:
_default: 2
port:
_default: 80
resources:
requests:
memory:
_default: 100Mi
cpu:
_default: 100m
probes:
liveness:
enabled:
_default: true
type:
_default: httpGet
httpGet:
path:
_default: /ping
port:
_default: 80
initialDelaySeconds:
_default: 10
periodSeconds:
_default: 10
failureThreshold:
_default: 10
readiness:
enabled:
_default: true
type:
_default: httpGet
httpGet:
path:
_default: /ping
port:
_default: 80
initialDelaySeconds:
_default: 10
periodSeconds:
_default: 10
failureThreshold:
_default: 20
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/cross-section-app:production_e09e648b
pullPolicy:
_default: IfNotPresent
service:
enabled: true
name:
_default: cross-section-static
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred


@ -4,4 +4,5 @@ kind: Kustomization
namespace: cross-section namespace: cross-section
resources: resources:
- namespace.yaml - namespace.yaml
- frontend-helmrelease.yaml - deployment.yaml
- service.yaml


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: cross-section-static
namespace: cross-section
spec:
type: ClusterIP
selector:
app: cross-section-static
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -50,7 +50,7 @@ spec:
{{- with secret "secrets/data/minio/apps/django" -}} {{- with secret "secrets/data/minio/apps/django" -}}
AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech
S3_HOST=https://minio.contour.infra.sarex.tech S3_HOST=https://minio.contour.infra.sarex.tech
{{- $buckets := index .Data.data "buckets" -}} {{- $buckets := index .Data.data "buckets" }}
S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}} S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}}
S3_LOGIN={{ index .Data.data "access_key" }} S3_LOGIN={{ index .Data.data "access_key" }}
S3_PASSWORD={{ index .Data.data "secret_key" }} S3_PASSWORD={{ index .Data.data "secret_key" }}
@ -127,11 +127,11 @@ spec:
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: CELERY_REDIS_HOST - name: CELERY_REDIS_HOST
value: redis-service value: redis
- name: CELERY_REDIS_PORT - name: CELERY_REDIS_PORT
value: "6379" value: "6379"
- name: DJANGO_REDIS_HOST - name: DJANGO_REDIS_HOST
value: redis-service value: redis
- name: DJANGO_REDIS_PORT - name: DJANGO_REDIS_PORT
value: "6379" value: "6379"
- name: BIMV2_INTERNAL_HOST - name: BIMV2_INTERNAL_HOST
@ -149,13 +149,13 @@ spec:
- name: MEASUREMENTS_USE_MEASUREMENTS - name: MEASUREMENTS_USE_MEASUREMENTS
value: "1" value: "1"
- name: SERVER_API_HOST - name: SERVER_API_HOST
value: https://wb.sarex.io value: https://sarex.contour.infra.sarex.tech
- name: SERVER_HOST - name: SERVER_HOST
value: https://wb.sarex.io value: https://sarex.contour.infra.sarex.tech
- name: WORKFLOWS_HOST - name: WORKFLOWS_HOST
value: https://wb.sarex.io value: https://sarex.contour.infra.sarex.tech
- name: WORKFLOWS_BASE_HOST - name: WORKFLOWS_BASE_HOST
value: https://wb.sarex.io value: https://sarex.contour.infra.sarex.tech
- name: WORKFLOWS_USE - name: WORKFLOWS_USE
value: "1" value: "1"
- name: SERVER_S3_STREAM_IMPORT - name: SERVER_S3_STREAM_IMPORT
@ -203,8 +203,8 @@ spec:
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
volumeMounts: volumeMounts:
- name: django-configmap - name: django-configmap
mountPath: /opt/sarex/config/settings/production.py mountPath: /opt/sarex/config/settings/production.py


@ -50,7 +50,7 @@ spec:
{{- with secret "secrets/data/minio/apps/django" -}} {{- with secret "secrets/data/minio/apps/django" -}}
AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech
S3_HOST=https://minio.contour.infra.sarex.tech S3_HOST=https://minio.contour.infra.sarex.tech
{{- $buckets := index .Data.data "buckets" -}} {{- $buckets := index .Data.data "buckets" }}
S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}} S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}}
S3_LOGIN={{ index .Data.data "access_key" }} S3_LOGIN={{ index .Data.data "access_key" }}
S3_PASSWORD={{ index .Data.data "secret_key" }} S3_PASSWORD={{ index .Data.data "secret_key" }}
@ -121,11 +121,11 @@ spec:
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: CELERY_REDIS_HOST - name: CELERY_REDIS_HOST
value: redis-service value: redis
- name: CELERY_REDIS_PORT - name: CELERY_REDIS_PORT
value: "6379" value: "6379"
- name: DJANGO_REDIS_HOST - name: DJANGO_REDIS_HOST
value: redis-service value: redis
- name: DJANGO_REDIS_PORT - name: DJANGO_REDIS_PORT
value: "6379" value: "6379"
- name: BIMV2_INTERNAL_HOST - name: BIMV2_INTERNAL_HOST
@ -194,8 +194,8 @@ spec:
value: "False" value: "False"
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
volumeMounts: volumeMounts:
- name: django-configmap - name: django-configmap
mountPath: /opt/sarex/config/settings/production.py mountPath: /opt/sarex/config/settings/production.py


@ -5,16 +5,57 @@ metadata:
namespace: django namespace: django
data: data:
production.py: | production.py: |
import ast
import os import os
from .base import * from .base import *
from logging.handlers import SysLogHandler from logging.handlers import SysLogHandler
from datetime import timedelta from datetime import timedelta
def _load_env_file(path):
try:
with open(path, "r", encoding="utf-8") as f:
for raw_line in f:
line = raw_line.strip()
if not line or line.startswith("#") or "=" not in line:
continue
key, value = line.split("=", 1)
key = key.strip()
value = value.strip()
if len(value) >= 2 and value[0] == value[-1] and value[0] in ("'", '"'):
try:
value = ast.literal_eval(value)
except (ValueError, SyntaxError):
value = value[1:-1]
if key and key not in os.environ:
os.environ[key] = value
except FileNotFoundError:
pass
def _read_secret_file(path, default=""):
try:
with open(path, "r", encoding="utf-8") as f:
return f.read().strip()
except FileNotFoundError:
return default
# Fallback for manage.py launched via `kubectl exec` (outside entrypoint),
# so Django can still read DB/JWT values from Vault-injected files.
_load_env_file("/vault/secrets/django-postgresql")
_load_env_file("/vault/secrets/django-rabbitmq")
_load_env_file("/vault/secrets/django-s3")
_load_env_file("/vault/secrets/django-kafka")
_load_env_file("/vault/secrets/django-common")
if not os.environ.get("JWT_PRIVATE_KEY"):
os.environ["JWT_PRIVATE_KEY"] = _read_secret_file("/vault/secrets/django-jwt-private")
if not os.environ.get("JWT_PUBLIC_KEY"):
os.environ["JWT_PUBLIC_KEY"] = _read_secret_file("/vault/secrets/django-jwt-public")
ALLOWED_HOSTS = ["*"] ALLOWED_HOSTS = ["*"]
FILE_UPLOAD_PERMISSIONS = 0o644 FILE_UPLOAD_PERMISSIONS = 0o644
DEBUG = False DEBUG = False
CSRF_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = ["https://lk.srx.wb.ru:30443", "https://lk.srx.wb.ru"] CSRF_TRUSTED_ORIGINS = ["https://sarex.contour.infra.sarex.tech", "http://sarex.contour.infra.sarex.tech"]
SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = False SECURE_SSL_REDIRECT = False
@ -46,7 +87,7 @@ data:
'Bearer', 'Bearer',
) )
HOST = "https://wb.sarex.io" HOST = "https://sarex.contour.infra.sarex.tech"
POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE') POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE')
POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER') POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER')
@ -109,8 +150,8 @@ data:
'BLACKLIST_AFTER_ROTATION': True, 'BLACKLIST_AFTER_ROTATION': True,
'UPDATE_LAST_LOGIN': False, 'UPDATE_LAST_LOGIN': False,
'ALGORITHM': 'RS512', 'ALGORITHM': 'RS512',
'SIGNING_KEY': os.environ.get("JWT_PRIVATE_KEY").replace("\\n", "\n"), 'SIGNING_KEY': os.environ.get("JWT_PRIVATE_KEY", "").replace("\\n", "\n"),
'VERIFYING_KEY': os.environ.get("JWT_PUBLIC_KEY").replace("\\n", "\n"), 'VERIFYING_KEY': os.environ.get("JWT_PUBLIC_KEY", "").replace("\\n", "\n"),
'AUDIENCE': None, 'AUDIENCE': None,
'ISSUER': os.environ.get('SIMPLE_JWT_ISSUER', 'default_issuer'), 'ISSUER': os.environ.get('SIMPLE_JWT_ISSUER', 'default_issuer'),
'AUTH_HEADER_TYPES': ('Bearer',), 'AUTH_HEADER_TYPES': ('Bearer',),
@ -269,7 +310,7 @@ data:
DEBUG=True DEBUG=True
#WEB_APP_AUTH_MODE='jwt-session-based' WEB_APP_AUTH_MODE='jwt-session-based'
SAREX_MODULES_SETTINGS = { SAREX_MODULES_SETTINGS = {
@ -278,4 +319,3 @@ data:
}, },
"sso_logout_redirect": True "sso_logout_redirect": True
} }
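Review bot: The new `CSRF_TRUSTED_ORIGINS` value adds `http://sarex.contour.infra.sarex.tech`, a plaintext origin, while `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` stay `True`; Django then accepts state-changing requests whose Origin is the unencrypted site, so anyone able to tamper with HTTP traffic to that host gets past the origin check. I would keep only the `https://` entry. In the JWT hunk, the `""` defaults combined with `_read_secret_file` returning `""` turn a missing Vault file into an empty `SIGNING_KEY`/`VERIFYING_KEY` that is only noticed when a token is handled; failing at import is safer, e.g. `if not os.environ.get("JWT_PRIVATE_KEY"): raise ImproperlyConfigured("JWT_PRIVATE_KEY is not set")` (with `ImproperlyConfigured` imported from `django.core.exceptions`). The unchanged `DEBUG=True` visible in the `-269` hunk also appears to override the earlier `DEBUG = False`, which is worth confirming for a production settings module.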


@ -0,0 +1,44 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: django
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
volumes:
- name: nginx-configmap
configMap:
name: nginx-configmap
items:
- key: nginx.conf
path: nginx.conf
defaultMode: 420
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_0b579274
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
volumeMounts:
- name: nginx-configmap
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
imagePullSecrets:
- name: regcred
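Review bot: The `frontend` container spec sets no `securityContext` and no `resources.limits`, so the pod runs with whatever user and privileges the image defaults to and is unbounded on CPU and memory. Consider `allowPrivilegeEscalation: false` and dropped capabilities under `securityContext`, plus limits next to the `requests` block; whether `runAsNonRoot: true` is possible depends on how the nginx image binds port 80, which is not visible here. The same applies to the other new Deployments on this page (`redis` in `django`, `frontend` in `document-link` and in `documentations`). The image is also referenced by a mutable tag (`contour_0b579274`); pinning by digest would make rollouts reproducible.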


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: django
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -7,8 +7,9 @@ resources:
- serviceaccount.yaml - serviceaccount.yaml
- backend-deployment.yaml - backend-deployment.yaml
- celery-deployment.yaml - celery-deployment.yaml
- frontend-deployment.yaml
- backend-service.yaml - backend-service.yaml
- frontend-helmrelease.yaml - frontend-service.yaml
- django-configmap.yaml - django-configmap.yaml
- srx-admin-deployment.yaml - srx-admin-deployment.yaml
- srx-admin-service.yaml - srx-admin-service.yaml


@ -80,10 +80,19 @@ data:
# } # }
location ~^/workspaces-v2/(.+).js { location ~^/workspaces-v2/(.+).js {
proxy_http_version 1.1;
proxy_set_header Connection "";
rewrite /workspaces-v2/(.+) /$1 break; rewrite /workspaces-v2/(.+) /$1 break;
proxy_pass http://frontend-svc.workspaces.svc.cluster.local:80; proxy_pass http://frontend-svc.workspaces.svc.cluster.local:80;
} }
location ~^/workspaces-v2/(.+)\.wasm$ {
proxy_http_version 1.1;
proxy_set_header Connection "";
rewrite ^/workspaces-v2/(.+) /$1 break;
proxy_pass http://frontend-svc.workspaces.svc.cluster.local:80;
}
location @index { location @index {
add_header Cache-Control 'no-cache, must-revalidate, proxy-revalidate, max-age=0'; add_header Cache-Control 'no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off; if_modified_since off;
@ -91,10 +100,10 @@ data:
try_files /static/index.html =404; try_files /static/index.html =404;
} }
location ~^/workflows/(.+).js { # location ~^/workflows/(.+).js {
rewrite /workflows/(.+) /$1 break; # rewrite /workflows/(.+) /$1 break;
proxy_pass http://frontend-svc.processing.svc.cluster.local:80; # proxy_pass http://frontend-svc.processing.svc.cluster.local:80;
} # }
location /service-worker.js { location /service-worker.js {
try_files /static/$uri @index; try_files /static/$uri @index;
} }
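Review bot: The `.js` location that gains the two proxy directives still reads `~^/workspaces-v2/(.+).js`, with an unescaped dot and no end anchor, while the new `.wasm` location is written `(.+)\.wasm$`. As written the first pattern matches any path under `/workspaces-v2/` that contains `js` after at least two characters, so more than JavaScript files is forwarded to `frontend-svc.workspaces`. I would align it with the new block, `location ~^/workspaces-v2/(.+)\.js$ {`, after checking whether requests such as `.js.map` currently rely on the loose match.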


@ -26,7 +26,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 100m cpu: 25m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -0,0 +1,406 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: celery
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/backend:production_8f05291e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: celery
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
command:
_default:
- celery
- -A
- config
- worker
- -B
- -l
- info
- -E
- -Q
- default
- -n
- default_worker.%h
- --concurrency=2
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: celery
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: uwsgi-configmap
mountPath:
_default: /opt/sarex/uwsgi.ini
subPath:
_default: uwsgi.ini
readOnly:
_default: true
configMap:
name:
_default: uwsgi-configmap
items:
- key: uwsgi.ini
path:
_default: uwsgi.ini
- name: django-configmap
mountPath:
_default: /opt/sarex/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: django-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: SERVER_SUPERSET_HOST
value:
_default: "https://superset.test.sarex.brusnika.tech"
- name: GK_ENCRYPTION_KEY
value:
_default: "zfDjuszywHSbAhY8KJQbESbpUYN74XTs"
- name: ALLOWED_HOSTS
value:
_default: "*"
- name: SERVER_USE_CHANGELOG
value:
_default: "0"
- name: SERVER_ZITADEL_ENABLED
value:
_default: "False"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: CELERY_REDIS_HOST
value:
_default: "redis-service"
- name: CELERY_REDIS_PORT
value:
_default: "6379"
- name: DJANGO_REDIS_HOST
value:
_default: "redis-service"
- name: DJANGO_REDIS_PORT
value:
_default: "6379"
- name: BIMV2_INTERNAL_HOST
value:
_default: "http://bim-backend-v2-service.bim-api"
- name: BIMV2_TIMEOUT
value:
_default: "60"
- name: JWT_KID
value:
_default: "1"
- name: PDM_SYNC
value:
_default: "1"
- name: KC_SYNC_ENABLE
value:
_default: "0"
- name: MEASUREMENTS_HOST
value:
_default: "http://measurements-service.measurements.svc.cluster.local:8000/api"
- name: MEASUREMENTS_USE_MEASUREMENTS
value:
_default: "1"
- name: SERVER_API_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: SERVER_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_BASE_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_USE
value:
_default: "1"
- name: SERVER_S3_STREAM_IMPORT
value:
_default: "1"
- name: SERVER_SAVE_DIFF_DEM
value:
_default: "1"
- name: SERVER_USE_CLICKHOUSE
value:
_default: "0"
- name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK
value:
_default: "0"
- name: SERVER_USE_DJANGO_STORAGE
value:
_default: "1"
- name: SERVER_USE_METASHAPE
value:
_default: "0"
- name: SERVER_CHANGELOG_MODE_SYSTEM_LOG
value:
_default: "1"
- name: SERVER_CHANGELOG_MODE
value:
_default: "0"
- name: SERVER_DJANGO_URLS
value:
_default: "1"
- name: CHECK_IMPORT_HASH
value:
_default: "1"
- name: EAV_ENABLE
value:
_default: "1"
- name: SERVER_CHECK_IMPORT_HASH
value:
_default: "1"
- name: SERVER_CHUNKED_PATH
value:
_default: "/tmp/chunked_uploads/%Y/%m/%d"
- name: SERVER_HIDE_USER_SCROLL_PERMISSIONS
value:
_default: "0"
- name: SERVER_USE_WRORKFLOW_STATUS
value:
_default: "1"
- name: S3_HOST
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: KC_USE_REDIRECT_LOGOUT
value:
_default: "True"
secretEnvs:
- name: SERVER_SUPERSET_JWT_SECRET
secretName:
_default: "jwt-secret-superset"
secretKey: "jwt_secret"
- name: KC_CLIENT_ID
secretName:
_default: "gatekeeper-secret"
secretKey: "client_id"
- name: KC_CLIENT_SECRET
secretName:
_default: "gatekeeper-secret"
secretKey: "client_secret"
- name: AWS_S3_ENDPOINT_URL
secretName:
_default: "s3-secret"
secretKey: "endpoint"
- name: CELERY_RABBITMQ_HOST
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: CELERY_RABBITMQ_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: CELERY_RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: CELERY_RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: DJANGO_POSTGRES_HOST
secretName:
_default: "postgres-secret"
secretKey: "host"
- name: DJANGO_POSTGRES_PORTS
secretName:
_default: "postgres-secret"
secretKey: "port"
- name: DJANGO_POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DJANGO_POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_POSTGRES_DATABASE
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: DJANGO_RABBIT_HOSTNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: DJANGO_RABBIT_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: DJANGO_RABBIT_PASS
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: DJANGO_RABBIT_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
- name: S3_BUCKET
secretName:
_default: "sarex-media-storage-secret"
secretKey: "bucket"
- name: S3_LOGIN
secretName:
_default: "sarex-media-storage-secret"
secretKey: "login"
- name: S3_PASSWORD
secretName:
_default: "sarex-media-storage-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""
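Review bot: `GK_ENCRYPTION_KEY` is set as a literal under `envs`, so the key is stored in Git and in the rendered Deployment spec, readable by anyone with repository access or read rights on Deployments in the namespace. Every other credential in this file goes through `secretEnvs`; this one should too (`- name: GK_ENCRYPTION_KEY` with `secretName: _default: "<SECRET_NAME>"` and `secretKey: "<KEY>"`), and the committed value should be treated as exposed and rotated. The identical entry appears in the `backend` HelmRelease further down this page. `ALLOWED_HOSTS` is also `"*"`, which leaves Host-header validation to whatever sits in front of the pod.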


@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: flows-frontend name: export-project
namespace: flows namespace: django
spec: spec:
interval: 10m interval: 10m
chart: chart:
spec: spec:
chart: universal-chart chart: universal-chart
@ -15,51 +16,79 @@ spec:
name: yc-oci-charts name: yc-oci-charts
namespace: flux-system namespace: flux-system
interval: 10m interval: 10m
install: install:
remediation: remediation:
retries: 3 retries: 3
upgrade: upgrade:
remediation: remediation:
retries: 3 retries: 3
values: values:
global: global:
env: _default env: _default
services: services:
frontend: backend:
enabled: true enabled: true
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
port:
_default: 80
resources:
requests:
memory:
_default: 100Mi
cpu:
_default: 100m
image: image:
name: name:
_default: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144 _default: cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176
pullPolicy: pullPolicy:
_default: IfNotPresent _default: IfNotPresent
deployment:
enabled: true
name:
_default: export-project
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service: service:
enabled: true enabled: true
name: name:
_default: frontend-service _default: export-project-service
type: type:
_default: ClusterIP _default: ClusterIP
port: port:
_default: 80 _default: 8000
targetPort: targetPort:
_default: 80 _default: 8000
portName: portName:
_default: http _default: http
imagePullSecrets: imagePullSecrets:
enabled: enabled:
_default: true _default: true
name: name:
_default: regcred _default: regcred
labels:
monitoring: prometheus
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""


@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: django
resources:
- sarex-frontend.yaml
- sarex-backend.yaml
- celery.yaml
- export-project.yaml
- s3-proxy.yaml


@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: s3-proxy
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: s3-proxy
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: s3-proxy-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: AWS_API_ENDPOINT
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: APP_PORT
value:
_default: "8000"
secretEnvs:
- name: AWS_ACCESS_KEY_ID
secretName:
_default: "sarex-media-storage-secret"
secretKey: "login"
- name: AWS_SECRET_ACCESS_KEY
secretName:
_default: "sarex-media-storage-secret"
secretKey: "password"
- name: AWS_S3_BUCKET
secretName:
_default: "sarex-media-storage-secret"
secretKey: "bucket"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""
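Review bot: The `s3-proxy` deployment pulls `cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176`, the same image as the `export-project` release above, which looks like a copy-paste leftover. If so, the pod receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` for the media bucket but runs a different service than intended; please confirm the image name. Both probes are disabled as well, so an image that starts but does not serve on port 8000 would still be reported ready.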


@ -0,0 +1,390 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: backend
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/backend:production_8f05291e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: backend
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: uwsgi-configmap
mountPath:
_default: /opt/sarex/uwsgi.ini
subPath:
_default: uwsgi.ini
readOnly:
_default: true
configMap:
name:
_default: uwsgi-configmap
items:
- key: uwsgi.ini
path:
_default: uwsgi.ini
- name: django-configmap
mountPath:
_default: /opt/sarex/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: django-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: SERVER_SUPERSET_HOST
value:
_default: "https://superset.test.sarex.brusnika.tech"
- name: GK_ENCRYPTION_KEY
value:
_default: "zfDjuszywHSbAhY8KJQbESbpUYN74XTs"
- name: ALLOWED_HOSTS
value:
_default: "*"
- name: SERVER_USE_CHANGELOG
value:
_default: "0"
- name: SERVER_ZITADEL_ENABLED
value:
_default: "False"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: CELERY_REDIS_HOST
value:
_default: "redis-service"
- name: CELERY_REDIS_PORT
value:
_default: "6379"
- name: DJANGO_REDIS_HOST
value:
_default: "redis-service"
- name: DJANGO_REDIS_PORT
value:
_default: "6379"
- name: BIMV2_INTERNAL_HOST
value:
_default: "http://bim-backend-v2-service.bim-api"
- name: BIMV2_TIMEOUT
value:
_default: "60"
- name: JWT_KID
value:
_default: "1"
- name: PDM_SYNC
value:
_default: "1"
- name: KC_SYNC_ENABLE
value:
_default: "0"
- name: MEASUREMENTS_HOST
value:
_default: "http://measurements-service.measurements.svc.cluster.local:8000/api"
- name: MEASUREMENTS_USE_MEASUREMENTS
value:
_default: "1"
- name: SERVER_API_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: SERVER_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_BASE_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_USE
value:
_default: "1"
- name: SERVER_S3_STREAM_IMPORT
value:
_default: "1"
- name: SERVER_SAVE_DIFF_DEM
value:
_default: "1"
- name: SERVER_USE_CLICKHOUSE
value:
_default: "0"
- name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK
value:
_default: "0"
- name: SERVER_USE_DJANGO_STORAGE
value:
_default: "1"
- name: SERVER_USE_METASHAPE
value:
_default: "0"
- name: SERVER_CHANGELOG_MODE_SYSTEM_LOG
value:
_default: "1"
- name: SERVER_CHANGELOG_MODE
value:
_default: "0"
- name: SERVER_DJANGO_URLS
value:
_default: "1"
- name: CHECK_IMPORT_HASH
value:
_default: "1"
- name: EAV_ENABLE
value:
_default: "1"
- name: SERVER_CHECK_IMPORT_HASH
value:
_default: "1"
- name: SERVER_CHUNKED_PATH
value:
_default: "/tmp/chunked_uploads/%Y/%m/%d"
- name: SERVER_HIDE_USER_SCROLL_PERMISSIONS
value:
_default: "0"
- name: SERVER_USE_WRORKFLOW_STATUS
value:
_default: "1"
- name: S3_HOST
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: KC_USE_REDIRECT_LOGOUT
value:
_default: "True"
secretEnvs:
- name: SERVER_SUPERSET_JWT_SECRET
secretName:
_default: "jwt-secret-superset"
secretKey: "jwt_secret"
- name: KC_CLIENT_ID
secretName:
_default: "gatekeeper-secret"
secretKey: "client_id"
- name: KC_CLIENT_SECRET
secretName:
_default: "gatekeeper-secret"
secretKey: "client_secret"
- name: AWS_S3_ENDPOINT_URL
secretName:
_default: "s3-secret"
secretKey: "endpoint"
- name: CELERY_RABBITMQ_HOST
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: CELERY_RABBITMQ_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: CELERY_RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: CELERY_RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: DJANGO_POSTGRES_HOST
secretName:
_default: "postgres-secret"
secretKey: "host"
- name: DJANGO_POSTGRES_PORTS
secretName:
_default: "postgres-secret"
secretKey: "port"
- name: DJANGO_POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DJANGO_POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_POSTGRES_DATABASE
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: DJANGO_RABBIT_HOSTNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: DJANGO_RABBIT_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: DJANGO_RABBIT_PASS
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: DJANGO_RABBIT_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
- name: S3_BUCKET
secretName:
_default: "sarex-media-storage-secret"
secretKey: "bucket"
- name: S3_LOGIN
secretName:
_default: "sarex-media-storage-secret"
secretKey: "login"
- name: S3_PASSWORD
secretName:
_default: "sarex-media-storage-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""


@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: django-frontend name: frontend
namespace: django namespace: django
spec: spec:
interval: 10m interval: 10m
chart: chart:
spec: spec:
chart: universal-chart chart: universal-chart
@ -15,32 +16,74 @@ spec:
name: yc-oci-charts name: yc-oci-charts
namespace: flux-system namespace: flux-system
interval: 10m interval: 10m
install: install:
remediation: remediation:
retries: 3 retries: 3
upgrade: upgrade:
remediation: remediation:
retries: 3 retries: 3
values: values:
global: global:
env: _default env: _default
services: services:
frontend: frontend:
enabled: true enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_5.15.7
pullPolicy:
_default: IfNotPresent
deployment: deployment:
enabled: true enabled: true
name: name:
_default: frontend _default: frontend
replicaCount: replicaCount:
_default: 1 _default: 1
stage: 1
preprod: 3
production: 3
port: port:
_default: 80 _default: 80
resources:
requests: probes:
memory: liveness:
_default: 100Mi enabled: false
cpu: readiness:
_default: 100m enabled: false
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes: volumes:
_default: _default:
- name: nginx-configmap - name: nginx-configmap
@ -48,34 +91,19 @@ spec:
_default: /etc/nginx/nginx.conf _default: /etc/nginx/nginx.conf
subPath: subPath:
_default: nginx.conf _default: nginx.conf
readOnly:
_default: true
configMap: configMap:
name: name:
_default: nginx-configmap _default: nginx-configmap
items: items:
- key: nginx.conf - key: nginx.conf
path: path: nginx.conf
_default: nginx.conf defaultMode: 420
defaultMode:
_default: 420
image:
name: commitSha: ""
_default: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_0b579274 gitlabUri: ""
pullPolicy: gitlabJobUrl: ""
_default: IfNotPresent owner: ""
service:
enabled: true
name:
_default: frontend-svc
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred


@ -4,4 +4,6 @@ kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml - postgresql.yaml
- redis-deployment.yaml
- redis-service.yaml
patches: [] patches: []

View File

@ -91,7 +91,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -0,0 +1,27 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: django
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest
imagePullPolicy: Always
ports:
- containerPort: 6379
protocol: TCP
imagePullSecrets:
- name: regcred
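Review bot: The `redis` container uses `redis:latest` with `imagePullPolicy: Always`, so every restart can pull a different build; pin a version tag or digest. No `args`, config file or password is supplied, so as far as this manifest shows Redis starts without authentication, and the `redis` Service makes it reachable from any pod that can route to the `django` namespace unless a NetworkPolicy defined elsewhere restricts it. Since it appears to back `CELERY_REDIS_HOST` and `DJANGO_REDIS_HOST`, consider `requirepass` sourced from a Secret and a NetworkPolicy limited to the backend and celery pods. The container also has no `resources` block and no probes.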


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: django
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
protocol: TCP


@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: document-link
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
version: stable
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:wb_cb2027ce
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
imagePullSecrets:
- name: regcred


@ -4,4 +4,5 @@ kind: Kustomization
namespace: document-link namespace: document-link
resources: resources:
- namespace.yaml - namespace.yaml
- frontend-helmrelease.yaml - deployment.yaml
- service.yaml


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: document-link
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -72,7 +72,7 @@ spec:
exec /app/entrypoint.sh exec /app/entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8080
protocol: TCP protocol: TCP
env: env:
- name: POSTGRES_POOL_SIZE - name: POSTGRES_POOL_SIZE
@ -82,9 +82,9 @@ spec:
- name: ZITADEL_DOMAIN - name: ZITADEL_DOMAIN
value: zitadel-srx.wb.ru value: zitadel-srx.wb.ru
- name: USE_ZITADEL - name: USE_ZITADEL
value: "1" value: "0"
- name: FLOWS_URL - name: FLOWS_URL
value: http://backend-service.flows.svc.cluster.local:8000 value: http://backend-svc.flows.svc.cluster.local:80
- name: LAST_MASTER_BIM - name: LAST_MASTER_BIM
value: "36311" value: "36311"
- name: API_ADDRESS - name: API_ADDRESS
@ -98,7 +98,7 @@ spec:
- name: ENABLE_SSL - name: ENABLE_SSL
value: "0" value: "0"
- name: WORKSPACE_V2_EXTERNAL_URL - name: WORKSPACE_V2_EXTERNAL_URL
value: https://srx.wb.ru/workspaces-v2/ value: https://sarex.contour.infra.sarex.tech/workspaces-v2/
- name: ENABLE_S3 - name: ENABLE_S3
value: "1" value: "1"
- name: CONTAINER_REGISTRY - name: CONTAINER_REGISTRY
@ -108,15 +108,15 @@ spec:
- name: LAST_SLAVE_1_BIM - name: LAST_SLAVE_1_BIM
value: "1000000" value: "1000000"
- name: HOST - name: HOST
value: http://documentations-api.documentations.svc.cluster.local:8080 value: http://backend-api-svc.documentations.svc.cluster.local:80
- name: FILE_STREAM_HOST - name: FILE_STREAM_HOST
value: srx.wb.ru value: sarex.contour.infra.sarex.tech
- name: DOCUMENTATION_URL - name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:8080/ value: http://documentations-api.documentations.svc.cluster.local:80/
- name: WORKFLOW_URL - name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/ value: http://backend-svc.processing.svc.cluster.local:80/
- name: WORKSPACE_URL - name: WORKSPACE_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/ value: http://backend-svc.workspaces.svc.cluster.local:80/
- name: BIM_API_URL - name: BIM_API_URL
value: http://bim-api-service.bim.svc.cluster.local:8080/ value: http://bim-api-service.bim.svc.cluster.local:8080/
- name: BIM_API_V2_URL - name: BIM_API_V2_URL
@ -124,9 +124,9 @@ spec:
- name: WORKSPACE_BUNDLE_VERSION - name: WORKSPACE_BUNDLE_VERSION
value: v1 value: v1
- name: SYSTEM_LOG_URL - name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000 value: http://backend-svc.system-log.svc.cluster.local:80
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000 value: http://backend-svc.django.svc.cluster.local:80
- name: MARKS_PROCESSING_URL - name: MARKS_PROCESSING_URL
value: http://marks-service:8000 value: http://marks-service:8000
- name: PUBLIC_LINK_HOST - name: PUBLIC_LINK_HOST
@ -152,9 +152,9 @@ spec:
- name: CACHE_CLEANUP_INTERVAL - name: CACHE_CLEANUP_INTERVAL
value: 60s value: 60s
- name: ENABLE_AUTH_JWT_IN_URL - name: ENABLE_AUTH_JWT_IN_URL
value: "false"
- name: ENABLE_SIGNATURE_IN_URL
value: "true" value: "true"
- name: ENABLE_SIGNATURE_IN_URL
value: "false"
- name: USE_CACHE_IN_FILE_STREAMER - name: USE_CACHE_IN_FILE_STREAMER
value: "0" value: "0"
- name: VALKEY_ADDR - name: VALKEY_ADDR
@ -166,8 +166,8 @@ spec:
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
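Review bot: The `-152` hunk appears to flip `ENABLE_AUTH_JWT_IN_URL` to `"true"` and `ENABLE_SIGNATURE_IN_URL` to `"false"`. Going by the names, bearer tokens would then travel in query strings, where they end up in ingress and proxy access logs, browser history and `Referer` headers, whereas a signed URL exposes only a scoped signature. If this is required for this environment, a comment saying so and short token lifetimes would help; otherwise keep the previous values. `USE_ZITADEL` also goes from `"1"` to `"0"` in the same file, so it is worth stating which authentication path remains active.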


@ -11,5 +11,5 @@ spec:
ports: ports:
- name: http - name: http
port: 80 port: 80
targetPort: 8000 targetPort: 8080
protocol: TCP protocol: TCP


@ -72,7 +72,7 @@ spec:
exec /app/file_entrypoint.sh exec /app/file_entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8080
protocol: TCP protocol: TCP
env: env:
- name: POSTGRES_POOL_SIZE - name: POSTGRES_POOL_SIZE
@ -82,9 +82,9 @@ spec:
- name: ZITADEL_DOMAIN - name: ZITADEL_DOMAIN
value: zitadel-srx.wb.ru value: zitadel-srx.wb.ru
- name: USE_ZITADEL - name: USE_ZITADEL
value: "1" value: "0"
- name: FLOWS_URL - name: FLOWS_URL
value: http://backend-service.flows.svc.cluster.local:8000 value: http://backend-svc.flows.svc.cluster.local:80
- name: LAST_MASTER_BIM - name: LAST_MASTER_BIM
value: "36311" value: "36311"
- name: API_ADDRESS - name: API_ADDRESS
@ -108,15 +108,15 @@ spec:
- name: LAST_SLAVE_1_BIM - name: LAST_SLAVE_1_BIM
value: "1000000" value: "1000000"
- name: HOST - name: HOST
value: http://documentations-api.documentations.svc.cluster.local:8080 value: http://backend-api-svc.documentations.svc.cluster.local:80
- name: FILE_STREAM_HOST - name: FILE_STREAM_HOST
value: srx.wb.ru value: srx.wb.ru
- name: DOCUMENTATION_URL - name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:8080/ value: http://backend-api-svc.documentations.svc.cluster.local:80/
- name: WORKFLOW_URL - name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_URL - name: WORKSPACE_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/ value: http://backend-svc.workspaces.svc.cluster.local:80/
- name: BIM_API_URL - name: BIM_API_URL
value: http://bim-api-service.bim.svc.cluster.local:8080/ value: http://bim-api-service.bim.svc.cluster.local:8080/
- name: BIM_API_V2_URL - name: BIM_API_V2_URL
@ -126,7 +126,7 @@ spec:
- name: SYSTEM_LOG_URL - name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000 value: http://api-service.system-log.svc.cluster.local:8000
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000 value: http://backend-svc.django.svc.cluster.local:80
- name: MARKS_PROCESSING_URL - name: MARKS_PROCESSING_URL
value: http://marks-service:8000 value: http://marks-service:8000
- name: PUBLIC_LINK_HOST - name: PUBLIC_LINK_HOST
@ -166,8 +166,8 @@ spec:
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
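Review bot: This file is only partly moved to the new service names: `WORKFLOW_URL` and `SYSTEM_LOG_URL` keep `workflows-api-service.workflow` and `api-service.system-log` on port 8000, and `FILE_STREAM_HOST` stays `srx.wb.ru`, while the previous deployment on this page switches the same variables to `backend-svc.processing`, `backend-svc.system-log` and `sarex.contour.infra.sarex.tech`. In that previous file `DOCUMENTATION_URL` points at `documentations-api.documentations` on port 80 but `HOST` at `backend-api-svc.documentations`, whereas here both use `backend-api-svc`. If the two deployments are meant to target the same cluster, one of each pair is probably stale; please align them or note why they differ.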


@ -11,5 +11,5 @@ spec:
ports: ports:
- name: http - name: http
port: 80 port: 80
targetPort: 8000 targetPort: 8080
protocol: TCP protocol: TCP


@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: documentations
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ae1bb076
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
imagePullSecrets:
- name: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: documentations
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -8,7 +8,8 @@ resources:
- api-deployment.yaml - api-deployment.yaml
- pdm-deployment.yaml - pdm-deployment.yaml
- filestream-deployment.yaml - filestream-deployment.yaml
- frontend-deployment.yaml
- api-service.yaml - api-service.yaml
- pdm-service.yaml - pdm-service.yaml
- filestream-service.yaml - filestream-service.yaml
- frontend-helmrelease.yaml - frontend-service.yaml


@ -106,13 +106,13 @@ spec:
- name: CACHE_DEFAULT_EXPIRATION - name: CACHE_DEFAULT_EXPIRATION
value: 60s value: 60s
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000 value: http://backend-svc.django.svc.cluster.local:80
- name: DJANGO_ORIGINATOR - name: DJANGO_ORIGINATOR
value: docs_prod value: docs_prod
- name: DOCUMENTATION_URL - name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:8080/ value: http://backend-api-svc.documentations.svc.cluster.local:80/
- name: EAV_URL - name: EAV_URL
value: http://eav-service.eav.svc.cluster.local:8000 value: http://backend-svc.eav.svc.cluster.local:80
- name: ENABLE_OBSERVABILITY - name: ENABLE_OBSERVABILITY
value: "false" value: "false"
- name: ENABLE_S3 - name: ENABLE_S3
@ -122,7 +122,7 @@ spec:
- name: ENVIRONMENT - name: ENVIRONMENT
value: prod value: prod
- name: FLOWS_URL - name: FLOWS_URL
value: http://backend-service.flows.svc.cluster.local:8000 value: http://backend-svc.flows.svc.cluster.local:80
- name: HEIGHT_THUMB_ATTACHMENTS - name: HEIGHT_THUMB_ATTACHMENTS
value: "300" value: "300"
- name: HEIGHT_THUMB_STATES - name: HEIGHT_THUMB_STATES
@ -147,13 +147,13 @@ spec:
- name: S3_SERVICE_ACCOUNT - name: S3_SERVICE_ACCOUNT
value: /vault/secrets/documentations-s3-account-json value: /vault/secrets/documentations-s3-account-json
- name: STATES_URL - name: STATES_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/ value: http://backend-svc.workspaces.svc.cluster.local:80/
- name: SUBSCRIPTIONS_URL - name: SUBSCRIPTIONS_URL
value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80 value: http://backend-svc.subscriptions.svc.cluster.local:80
- name: SYSTEM_LOG_URL - name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000 value: http://api-service.system-log.svc.cluster.local:8000
- name: TARGET_URL - name: TARGET_URL
value: http://backend.django.svc.cluster.local:8000 value: http://backend-svc.django.svc.cluster.local:80
- name: USE_CACHE_IN_FILE_STREAMER - name: USE_CACHE_IN_FILE_STREAMER
value: "1" value: "1"
- name: USE_SUBSCRIPTIONS - name: USE_SUBSCRIPTIONS
@ -167,15 +167,15 @@ spec:
- name: WORKFLOW_IMAGES_VERSION - name: WORKFLOW_IMAGES_VERSION
value: master value: master
- name: WORKFLOW_URL - name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/ value: http://backend-svc.processing.svc.cluster.local:80/
- name: WORKSPACE_BUNDLE_VERSION - name: WORKSPACE_BUNDLE_VERSION
value: v1 value: v1
- name: WORKSPACE_URL - name: WORKSPACE_URL
value: http://workspaces-service.workspaces.svc.cluster.local:8000/ value: http://backend-svc.workspaces.svc.cluster.local:80/
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
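Review bot: `WORKFLOW_URL` now points at `backend-svc.processing.svc.cluster.local:80/`, but the old value was in the `workflow` namespace and another section of this compare repoints the same dependency to `backend-svc.workflow.svc.cluster.local:80`. Unless the workflows API really lives in `processing` on this cluster, one of the two is wrong and the call will fail DNS resolution or reach an unintended service. Please confirm the target and add a short comment above the entry, for example `# workflows API is served from the processing namespace on this cluster`. The container spec starts outside the visible hunks, so the other env entries were not checked.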


@ -0,0 +1,275 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: documentations-api
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_5904312b
pullPolicy:
_default: IfNotPresent
volumes:
_default:
- name: documentations-yc-s3-secret
mountPath: "/etc/sarex/yc-s3-storage"
readOnly: true
secret:
secretName:
_default: "documentations-yc-s3"
deployment:
enabled: true
name:
_default: documentations-api
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: documentations-api
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: POSTGRES_ADDRESS
value:
_default: "192.168.2.45"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: POSTGRES_DB
value:
_default: "documentations"
- name: POSTGRES_POOL_SIZE
value:
_default: "20"
- name: FLOWS_URL
value:
_default: "http://backend-service.flows.svc.cluster.local:8000"
- name: LAST_MASTER_BIM
value:
_default: "36311"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8080"
- name: API_ADDRESS_FILE
value:
_default: "0.0.0.0:8080"
- name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
value:
_default: "5"
- name: ENABLE_SQL_QUERY
value:
_default: "0"
- name: ENABLE_SSL
value:
_default: "0"
- name: WORKSPACE_V2_EXTERNAL_URL
value:
_default: "https://test.sarex.brusnika.tech/workspaces-v2/"
- name: ENABLE_S3
value:
_default: "1"
- name: CONTAINER_REGISTRY
value:
_default: "cr.yandex/crp3ccidau046kdj8g9q"
- name: ENVIRONMENT
value:
_default: "production"
- name: HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: FILE_STREAM_HOST
value:
_default: "cde.brusnika.lonsdaleites.ru"
- name: DOCUMENTATION_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/"
- name: WORKFLOW_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/"
- name: WORKSPACE_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
- name: BIM_API_URL
value:
_default: "http://bim-api-service.bim.svc.cluster.local:8080/"
- name: BIM_API_V2_URL
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: WORKSPACE_BUNDLE_VERSION
value:
_default: "v1"
- name: SYSTEM_LOG_URL
value:
_default: "http://api-service.system-log.svc.cluster.local:8000"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: MARKS_PROCESSING_URL
value:
_default: "http://marks-service:8000"
- name: PUBLIC_LINK_HOST
value:
_default: "https://document-link.test.sarex.brusnika.tech"
- name: NAMESPACE
value:
_default: "documentations"
- name: DJANGO_ORIGINATOR
value:
_default: "docs_prod"
- name: WORKFLOW_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOWS_IMAGES_VERSION
value:
_default: "master"
- name: S3_SERVICE_ACCOUNT
value:
_default: "/etc/sarex/yc-s3-storage/yc-s3-service-account.json"
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value:
_default: "6h"
- name: CACHE_DEFAULT_EXPIRATION
value:
_default: "60s"
- name: CACHE_CLEANUP_INTERVAL
value:
_default: "60s"
- name: USE_CACHE_IN_FILE_STREAMER
value:
_default: "1"
secretEnvs:
- name: PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
- name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
secretName:
_default: "yc-jwt-secret"
secretKey: "secret"
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: DJANGO_BASIC_AUTH_FOR_GET_USER
secretName:
_default: "django-auth"
secretKey: "key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""
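Review bot: `ENVIRONMENT` is `production`, yet `PUBLIC_LINK_HOST` and `WORKSPACE_V2_EXTERNAL_URL` point at `test.sarex.brusnika.tech` hosts, so the public document links this release signs with `DOCUMENT_PUBLIC_LINK_JWT_SECRET` would be issued for a test hostname. If that is deliberate, a comment on those two entries should say so; otherwise they should carry the production hostnames. The internal URLs (`DJANGO_HOST` at `backend.django…:8000`, `WORKSPACE_URL` at `workspaces-service.workspaces…:8000`) use names that other manifests in this compare replace with `backend-svc…:80`, so they may be stale if this release targets the same cluster. Both probes are disabled while `production` asks for three replicas, which lets traffic reach pods that are not ready. The `documentations-filestream` release in the next section repeats the same values.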


@ -0,0 +1,276 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: documentations-filestream
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_5904312b
pullPolicy:
_default: IfNotPresent
volumes:
_default:
- name: documentations-yc-s3-secret
mountPath: "/etc/sarex/yc-s3-storage"
readOnly: true
secret:
secretName:
_default: "documentations-yc-s3"
deployment:
enabled: true
name:
_default: documentations-filestream
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: documentations-filestream
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: POSTGRES_ADDRESS
value:
_default: "192.168.2.45"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: POSTGRES_DB
value:
_default: "documentations"
- name: POSTGRES_POOL_SIZE
value:
_default: "20"
- name: FLOWS_URL
value:
_default: "http://backend-service.flows.svc.cluster.local:8000"
- name: LAST_MASTER_BIM
value:
_default: "36311"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8080"
- name: API_ADDRESS_FILE
value:
_default: "0.0.0.0:8080"
- name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
value:
_default: "5"
- name: ENABLE_SQL_QUERY
value:
_default: "0"
- name: ENABLE_SSL
value:
_default: "0"
- name: WORKSPACE_V2_EXTERNAL_URL
value:
_default: "https://test.sarex.brusnika.tech/workspaces-v2/"
- name: ENABLE_S3
value:
_default: "1"
- name: CONTAINER_REGISTRY
value:
_default: "cr.yandex/crp3ccidau046kdj8g9q"
- name: ENVIRONMENT
value:
_default: "production"
- name: HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: FILE_STREAM_HOST
value:
_default: "cde.brusnika.lonsdaleites.ru"
- name: DOCUMENTATION_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/"
- name: WORKFLOW_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/"
- name: WORKSPACE_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
- name: BIM_API_URL
value:
_default: "http://bim-api-service.bim.svc.cluster.local:8080/"
- name: BIM_API_V2_URL
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: WORKSPACE_BUNDLE_VERSION
value:
_default: "v1"
- name: SYSTEM_LOG_URL
value:
_default: "http://api-service.system-log.svc.cluster.local:8000"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: MARKS_PROCESSING_URL
value:
_default: "http://marks-service:8000"
- name: PUBLIC_LINK_HOST
value:
_default: "https://document-link.test.sarex.brusnika.tech"
- name: NAMESPACE
value:
_default: "documentations"
- name: DJANGO_ORIGINATOR
value:
_default: "docs_prod"
- name: WORKFLOW_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOWS_IMAGES_VERSION
value:
_default: "master"
- name: S3_SERVICE_ACCOUNT
value:
_default: "/etc/sarex/yc-s3-storage/yc-s3-service-account.json"
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value:
_default: "6h"
- name: CACHE_DEFAULT_EXPIRATION
value:
_default: "60s"
- name: CACHE_CLEANUP_INTERVAL
value:
_default: "60s"
- name: USE_CACHE_IN_FILE_STREAMER
value:
_default: "1"
secretEnvs:
- name: PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
- name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
secretName:
_default: "yc-jwt-secret"
secretKey: "secret"
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: DJANGO_BASIC_AUTH_FOR_GET_USER
secretName:
_default: "django-auth"
secretKey: "key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""


@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: documentations-frontend name: documentation-frontend-static
namespace: documentations namespace: documentations
spec: spec:
interval: 10m interval: 10m
chart: chart:
spec: spec:
chart: universal-chart chart: universal-chart
@ -15,51 +16,78 @@ spec:
name: yc-oci-charts name: yc-oci-charts
namespace: flux-system namespace: flux-system
interval: 10m interval: 10m
install: install:
remediation: remediation:
retries: 3 retries: 3
upgrade: upgrade:
remediation: remediation:
retries: 3 retries: 3
values: values:
global: global:
env: _default env: _default
services: services:
frontend: frontend:
enabled: true enabled: true
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
port:
_default: 80
resources:
requests:
memory:
_default: 100Mi
cpu:
_default: 100m
image: image:
name: name:
_default: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3 _default: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_5a4e4adc
pullPolicy: pullPolicy:
_default: IfNotPresent _default: IfNotPresent
service:
deployment:
enabled: true enabled: true
name: name:
_default: frontend-service _default: documentation-frontend-static
type:
_default: ClusterIP replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port: port:
_default: 80 _default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: documentation-frontend-static-service
type:
_default: ClusterIP
port:
_default: 80
targetPort: targetPort:
_default: 80 _default: 80
portName: portName:
_default: http _default: http
imagePullSecrets: imagePullSecrets:
enabled: enabled:
_default: true _default: true
name: name:
_default: regcred _default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""


@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: documentations
resources:
- frontend.yaml
- pdm.yaml
- api.yaml
- filestream.yaml


@ -0,0 +1,329 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: pdm-api
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_9507c2d5
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: pdm-api
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: pdm-api
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: USE_EXPERIMENTAL
value:
_default: "true"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8080"
- name: API_ADDRESS_FILE
value:
_default: "0.0.0.0:8080"
- name: API_HOST_PREFIX
value:
_default: "/"
- name: APP_NAME
value:
_default: "pdm_v2"
- name: APP_VERSION
value:
_default: "0.0.1"
- name: TRANSMITTALS_BASE_URL
value:
_default: ""
- name: TRANSMITTALS_ENABLE
value:
_default: "false"
- name: DRAWINGS_INTERNAL_URL
value:
_default: "http://drawings-api-service.drawings.svc.cluster.local:80"
- name: ATTACHMENTS_URL
value:
_default: "http://attachments-service.attachments.svc.cluster.local:8000"
- name: BIM_API_V2_URL
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: BIM_V2_HOST
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: CACHE_CLEANUP_INTERVAL
value:
_default: "60s"
- name: CACHE_DEFAULT_EXPIRATION
value:
_default: "60s"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: DJANGO_ORIGINATOR
value:
_default: "docs_prod"
- name: DOCUMENTATION_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/"
- name: EAV_URL
value:
_default: "http://eav-service.eav.svc.cluster.local:8000"
- name: ENABLE_OBSERVABILITY
value:
_default: "false"
- name: ENABLE_PERMISSIONS_FILTER
value:
_default: "false"
- name: ENABLE_S3
value:
_default: "1"
- name: ENABLE_SSL
value:
_default: "0"
- name: ENVIRONMENT
value:
_default: "prod"
- name: FLOWS_URL
value:
_default: "http://backend-service.flows.svc.cluster.local:8000"
- name: HEIGHT_THUMB_ATTACHMENTS
value:
_default: "300"
- name: HEIGHT_THUMB_STATES
value:
_default: "73"
- name: HTTP_PORT
value:
_default: "8080"
- name: INSPECTIONS_URL
value:
_default: "http://inspections-service.inspections.svc.cluster.local:80"
- name: LOG_LEVEL
value:
_default: "INFO"
- name: NOTES_URL
value:
_default: ""
- name: OBSERVABILITY_COLLECTOR_ENDPOINT
value:
_default: "temp"
- name: POSTGRES_ADDRESS
value:
_default: "192.168.2.45"
- name: POSTGRES_DB
value:
_default: "documentations"
- name: POSTGRES_POOL_SIZE
value:
_default: "20"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value:
_default: "6h"
- name: RELEASES_URL
value:
_default: "https://gitlab.com"
- name: REMARKS_URL
value:
_default: "http://remarks-static-service.remarks.svc.cluster.local:8080/remarks"
- name: RESOURCES_URL
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: S3_SERVICE_ACCOUNT
value:
_default: "/etc/sarex/yc-s3-storage/yc-s3-service-account.json"
- name: STATES_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
- name: SUBSCRIPTIONS_URL
value:
_default: "http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80"
- name: SYSTEM_LOG_URL
value:
_default: "http://api-service.system-log.svc.cluster.local:8000"
- name: TARGET_URL
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: USE_CACHE_IN_FILE_STREAMER
value:
_default: "1"
- name: USE_SUBSCRIPTIONS
value:
_default: "false"
- name: WIDTH_THUMB_ATTACHMENTS
value:
_default: "300"
- name: WIDTH_THUMB_STATES
value:
_default: "120"
- name: WORKFLOWS_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOW_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOW_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/"
- name: WORKSPACE_BUNDLE_VERSION
value:
_default: "v1"
- name: WORKSPACE_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
secretEnvs:
- name: RELEASES_TOKEN
secretName:
_default: "releases-token"
secretKey: "key"
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""
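Review bot: `ENABLE_PERMISSIONS_FILTER` is set to `"false"` and `USE_EXPERIMENTAL` to `"true"` in a release whose `ENVIRONMENT` is `prod`, with nothing in the file explaining why. What the filter gates is not visible here, but a flag with that name switched off in production deserves an explicit justification. I would add a comment on the entry, for example `# permissions filter intentionally disabled: <reason / ticket>`, or flip it to `"true"`. `OBSERVABILITY_COLLECTOR_ENDPOINT` is `"temp"`, which looks like a leftover placeholder; it is harmless only while `ENABLE_OBSERVABILITY` stays `"false"`.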


@ -4,4 +4,6 @@ kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml - postgresql.yaml
- redis-deployment.yaml
- redis-service.yaml
patches: [] patches: []


@ -91,7 +91,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:
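Review bot: The memory request drops from 512Mi to 128Mi for a pod scheduled onto `dedicated: db` nodes, and no `limits:` appear in the hunk. With a small request and no limit the pod is Burstable and becomes an early eviction or OOM-kill candidate under node memory pressure, which for a database risks downtime and a recovery cycle. If the goal is tighter bin-packing, I would keep the request near the observed working set and add an explicit `limits: {memory: <measured ceiling>}`. The container spec starts outside the hunk, so limits may be set elsewhere. The same change appears in three more database sections of this compare.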


@ -0,0 +1,27 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: documentations
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest
imagePullPolicy: Always
ports:
- containerPort: 6379
protocol: TCP
imagePullSecrets:
- name: regcred
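Review bot: The Redis image is referenced as `redis:latest` with `imagePullPolicy: Always`, so every pod restart can pull different bytes from the registry and a bad or tampered push rolls out without any change in Git. Pin a version and preferably a digest, for example `image: cr.yandex/crp3ccidau046kdj8g9q/redis:<pinned-version>@sha256:<digest>` (placeholders), and switch the policy to `IfNotPresent`. The container also has no `args`, config or secret that would enable authentication, and the Service in the next section publishes 6379 inside the cluster, so any pod that can route to it can read and write the cache unless a NetworkPolicy not shown here restricts it. There are no `resources` or `securityContext` either.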


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: documentations
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
protocol: TCP


@ -91,7 +91,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -89,7 +89,7 @@ spec:
resources: resources:
requests: requests:
cpu: 100m cpu: 25m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:


@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: backend-service name: backend-svc
namespace: eav namespace: eav
spec: spec:
type: ClusterIP type: ClusterIP
@ -10,6 +10,6 @@ spec:
app: backend app: backend
ports: ports:
- name: http - name: http
port: 8000 port: 80
targetPort: 8000 targetPort: 8000
protocol: TCP protocol: TCP


@ -0,0 +1,208 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: backend
namespace: eav
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_2460295f
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: eav-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: asset
mountPath:
_default: /server/assets/api/v0/views/asset.py
subPath:
_default: asset.py
readOnly:
_default: true
configMap:
name:
_default: asset
items:
- key: asset.py
path:
_default: asset.py
- name: permissions
mountPath:
_default: /server/core/permissions.py
subPath:
_default: permissions.py
readOnly:
_default: true
configMap:
name:
_default: permissions
items:
- key: permissions.py
path:
_default: permissions.py
- name: django-configmap
mountPath:
_default: /server/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: django-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: KAFKA_USERNAME
value:
_default: "sarex"
- name: KAFKA_SSL_CAFILE
value:
_default: "/usr/local/share/ca-certificates/kafka.crt"
- name: KAFKA_HOST
value:
_default: "brusnika-stage-kafka-bootstrap.kafka.svc.cluster.local:9093"
- name: ASSETS_TOPIC
value:
_default: "sarex"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: DJANGO_POSTGRES_HOST
value:
_default: "192.168.2.45"
- name: DJANGO_POSTGRES_DATABASE
value:
_default: "eav"
- name: YC_S3_ENDPOINT_URL
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: YC_S3_BUCKET_NAME
value:
_default: "eav"
secretEnvs:
- name: KAFKA_PASSWORD
secretName:
_default: "kafka-cred"
secretKey: "password"
- name: DJANGO_POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DJANGO_POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
- name: YC_S3_ACCESS_KEY_ID
secretName:
_default: "s3-secret"
secretKey: "login"
- name: YC_S3_SECRET_ACCESS_KEY
secretName:
_default: "s3-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""
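Review bot: The `volumes` block mounts ConfigMaps over application source files, including `/server/core/permissions.py` and `/server/assets/api/v0/views/asset.py`, so the authorization code that actually runs is whatever the `permissions` ConfigMap holds rather than what shipped in `eav:prod_2460295f`. Anyone with write access to ConfigMaps in the `eav` namespace can then change permission checks without an image build or review, and the running code no longer matches the image tag. I would bake these overrides into the image and keep only `production.py` settings as a ConfigMap. Failing that, document on each mount why it exists and confirm that RBAC on those ConfigMaps is as tight as on the image registry. Separately, `KAFKA_HOST` points at `brusnika-stage-kafka-bootstrap` while the settings module is `config.settings.production`, which is worth confirming.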


@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: eav
resources:
- helmrelease.yaml


@ -91,7 +91,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -38,7 +38,7 @@ spec:
- name: DOCUMENTATIONS_HOST - name: DOCUMENTATIONS_HOST
value: https://sarex.contour.infra.sarex.tech/documentations value: https://sarex.contour.infra.sarex.tech/documentations
- name: EAV_HOST - name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000 value: http://backend-svc.eav.svc.cluster.local:80
- name: TRANSMITTALS_INTERNAL_HOST - name: TRANSMITTALS_INTERNAL_HOST
value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1 value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1
- name: DJANGO_TIMEOUT - name: DJANGO_TIMEOUT
@ -58,7 +58,7 @@ spec:
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -86,17 +86,17 @@ spec:
- name: CELERY_QUEUE - name: CELERY_QUEUE
value: flow value: flow
- name: EAV_HOST - name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000 value: http://backend-svc.eav.svc.cluster.local:80
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:8000/api value: http://backend-svc.django.svc.cluster.local:80/api
- name: PLANNING_HOST - name: PLANNING_HOST
value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp value: http://backend-svc.pm.svc.cluster.local:80/api/pm/msp
- name: PLANNING_USE - name: PLANNING_USE
value: "True" value: "True"
- name: DOCUMENTATION_HOST - name: DOCUMENTATION_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 value: http://backend-api-svc.documentations.svc.cluster.local:80/internal/v1
- name: DOCUMENTATION_EXTERNAL_HOST - name: DOCUMENTATION_EXTERNAL_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 value: http://backend-api-svc.documentations.svc.cluster.local:80/api/v1
- name: ENABLE_ANALYTICS - name: ENABLE_ANALYTICS
value: "1" value: "1"
- name: ENABLE_CELERY - name: ENABLE_CELERY
@ -131,7 +131,7 @@ spec:
value: "60" value: "60"
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -86,17 +86,17 @@ spec:
- name: CELERY_QUEUE - name: CELERY_QUEUE
value: flow value: flow
- name: EAV_HOST - name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000 value: http://backend-svc.eav.svc.cluster.local:80
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:8000/api value: http://backend-svc.django.svc.cluster.local:80/api
- name: PLANNING_HOST - name: PLANNING_HOST
value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp value: http://backend-service.pm.svc.cluster.local:80/api/pm/msp
- name: PLANNING_USE - name: PLANNING_USE
value: "True" value: "True"
- name: DOCUMENTATION_HOST - name: DOCUMENTATION_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 value: http://backend-api-svc.documentations.svc.cluster.local:80/internal/v1
- name: DOCUMENTATION_EXTERNAL_HOST - name: DOCUMENTATION_EXTERNAL_HOST
value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 value: http://backend-api-svc.documentations.svc.cluster.local:80/api/v1
- name: ENABLE_ANALYTICS - name: ENABLE_ANALYTICS
value: "1" value: "1"
- name: ENABLE_CELERY - name: ENABLE_CELERY
@ -131,7 +131,7 @@ spec:
value: "60" value: "60"
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
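Review bot: `PLANNING_HOST` here becomes `http://backend-service.pm.svc.cluster.local:80/api/pm/msp`, keeping the old Service name with the new port, while the sibling deployment in the previous section uses `http://backend-svc.pm.svc.cluster.local:80/api/pm/msp`. One of the two will not resolve or will hit a port the Service does not expose. Going by the other renames in this compare, this entry should probably read `value: http://backend-svc.pm.svc.cluster.local:80/api/pm/msp`. The container spec starts outside the visible hunks.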


@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: flows
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
imagePullSecrets:
- name: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: flows
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -7,5 +7,6 @@ resources:
- serviceaccount.yaml - serviceaccount.yaml
- backend-deployment.yaml - backend-deployment.yaml
- celery-deployment.yaml - celery-deployment.yaml
- frontend-deployment.yaml
- backend-service.yaml - backend-service.yaml
- frontend-helmrelease.yaml - frontend-service.yaml


@ -91,7 +91,8 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
memory: 512Mi cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -114,7 +114,7 @@ spec:
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred


@ -89,6 +89,10 @@ spec:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 6 failureThreshold: 6
resources:
requests:
cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:


@ -100,33 +100,33 @@ spec:
- name: ENVIRONMENT - name: ENVIRONMENT
value: production value: production
- name: AERO_PUBLIC_HOST - name: AERO_PUBLIC_HOST
value: https://srx.wb.ru value: https://sarex.contour.infra.sarex.tech
- name: AERO_HOST - name: AERO_HOST
value: https://srx.wb.ru value: https://sarex.contour.infra.sarex.tech
- name: BASE_AERO_URL - name: BASE_AERO_URL
value: https://srx.wb.ru value: https://sarex.contour.infra.sarex.tech
- name: BASE_AUTH_URL - name: BASE_AUTH_URL
value: http://backend-svc.django.svc.cluster.local:8000 value: http://backend-svc.django.svc.cluster.local:80
- name: WORKFLOWS_HOST - name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000 value: http://backend-svc.workflow.svc.cluster.local:80
- name: WORKFLOWS_URL - name: WORKFLOWS_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000 value: http://backend-svc.workflow.svc.cluster.local:80
- name: RESOURCES_API_HOST - name: RESOURCES_API_HOST
value: http://resources-service.resources.svc.cluster.local:8000 value: http://backend-svc.resources.svc.cluster.local:80
- name: EAV_HOST - name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000 value: http://backend-svc.eav.svc.cluster.local:80
- name: SAREX_API - name: SAREX_API
value: https://srx.wb.ru value: https://sarex.contour.infra.sarex.tech
- name: DOCUMENTATIONS_URL - name: DOCUMENTATIONS_URL
value: http://documentations-api.documentations.svc.cluster.local:8080 value: http://documentations-api-svc.documentations.svc.cluster.local:80
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: API_ADDRESS - name: API_ADDRESS
value: "8000" value: "8000"
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
volumeMounts: volumeMounts:
- name: production-configmap - name: production-configmap
mountPath: /src/config/settings/production.py mountPath: /src/config/settings/production.py
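Review bot: `DOCUMENTATIONS_URL` is changed to `http://documentations-api-svc.documentations.svc.cluster.local:80`, but every other consumer updated in this compare, including the sibling deployment in the next section, uses `backend-api-svc.documentations.svc.cluster.local:80`. Unless a Service named `documentations-api-svc` exists, this should be `value: http://backend-api-svc.documentations.svc.cluster.local:80`. The two sibling deployments also diverge after this change. This one moves the `AERO_*`, `BASE_AERO_URL` and `SAREX_API` hosts to `sarex.contour.infra.sarex.tech` and the workflows URLs to `backend-svc.workflow…:80`, while the next section keeps `srx.wb.ru` and `workflows-api-service.workflow…:8000`. If both run in the same cluster they will call different backends and build links for different public hosts. The container spec extends beyond the hunk on both sides.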


@ -106,27 +106,27 @@ spec:
- name: BASE_AERO_URL - name: BASE_AERO_URL
value: https://srx.wb.ru value: https://srx.wb.ru
- name: BASE_AUTH_URL - name: BASE_AUTH_URL
value: http://backend-svc.django.svc.cluster.local:8000 value: http://backend-svc.django.svc.cluster.local:80
- name: WORKFLOWS_HOST - name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000 value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: WORKFLOWS_URL - name: WORKFLOWS_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000 value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: RESOURCES_API_HOST - name: RESOURCES_API_HOST
value: http://resources-service.resources.svc.cluster.local:8000 value: http://backend-svc.resources.svc.cluster.local:80
- name: EAV_HOST - name: EAV_HOST
value: http://eav-service.eav.svc.cluster.local:8000 value: http://backend-svc.eav.svc.cluster.local:80
- name: SAREX_API - name: SAREX_API
value: https://srx.wb.ru value: https://srx.wb.ru
- name: DOCUMENTATIONS_URL - name: DOCUMENTATIONS_URL
value: http://documentations-api.documentations.svc.cluster.local:8080 value: http://backend-api-svc.documentations.svc.cluster.local:80
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: API_ADDRESS - name: API_ADDRESS
value: "8000" value: "8000"
resources: resources:
requests: requests:
cpu: "1" cpu: "25m"
memory: 1Gi memory: 128Mi
volumeMounts: volumeMounts:
- name: production-configmap - name: production-configmap
mountPath: /src/config/settings/production.py mountPath: /src/config/settings/production.py
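Review bot: `DOCUMENTATIONS_URL` in this hunk now points at `backend-api-svc.documentations.svc.cluster.local:80`, while the same variable in the preceding file of this compare is set to `documentations-api-svc.documentations.svc.cluster.local:80`. The two overlays may target different clusters, but if one of the names is a typo it will only surface at runtime as a DNS failure, so confirm it against the Service manifest in the `documentations` namespace. `WORKFLOWS_HOST` and `WORKFLOWS_URL` also keep `workflows-api-service.workflow...:8000` here although the other backends moved to `backend-svc...:80`; if the workflow Service was renamed in this cluster as well, they need the same update. The requests drop to `cpu: "25m"` / `memory: 128Mi` with no `limits` visible in the hunk, so adding a memory limit would keep a misbehaving pod from starving its neighbours.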


@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: issues
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:716a2b73
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
imagePullSecrets:
- name: regcred
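Review bot: The `frontend` container is added without a `securityContext` and without `resources.limits`, so it runs with the runtime's default privileges and no memory ceiling. At minimum set `allowPrivilegeEscalation: false` and a `RuntimeDefault` seccomp profile on the container and add a memory limit. `runAsNonRoot` and dropping capabilities are worth adding too, but the container listens on port 80, so first check that the image can bind that port and start without root. The image is referenced only by the tag `716a2b73`; pinning it by digest would make the deployed content immutable. The limit value in the sketch below is a placeholder to be sized from observed usage.

```yaml
      containers:
        - name: frontend
          # … unchanged: image, imagePullPolicy, ports …
          securityContext:
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 25m
              memory: 100Mi
            limits:
              memory: 256Mi  # placeholder, size from observed usage
```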


@ -1,65 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: issues-frontend
namespace: issues
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
port:
_default: 80
resources:
requests:
memory:
_default: 100Mi
cpu:
_default: 100m
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:716a2b73
pullPolicy:
_default: IfNotPresent
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: issues
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
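Review bot: The Service is created as `frontend-svc`, while the HelmRelease removed in this compare exposed the same pods as `frontend-service`. Any Ingress, proxy config or environment variable still pointing at `frontend-service.issues.svc.cluster.local` will stop resolving once this is applied. No such reference is visible here, so search the overlay for the old name before merging. As a small style point, `targetPort: http` would bind to the named container port from the Deployment instead of repeating the number 80.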


@ -7,6 +7,7 @@ resources:
- serviceaccount.yaml - serviceaccount.yaml
- backend-deployment.yaml - backend-deployment.yaml
- celery-deployment.yaml - celery-deployment.yaml
- frontend-deployment.yaml
- backend-service.yaml - backend-service.yaml
- frontend-helmrelease.yaml - frontend-service.yaml
- production-configmap.yaml - production-configmap.yaml


@ -40,7 +40,7 @@ data:
DEBUG = False DEBUG = False
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
REVIEW_HOST='http://backend-service.flows.svc.cluster.local:8000' REVIEW_HOST='http://backend-svc.flows.svc.cluster.local:80'
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# EXTERNAL SERVICES END # EXTERNAL SERVICES END
@ -60,6 +60,10 @@ data:
USE_NOTIFICATIONS = True USE_NOTIFICATIONS = True
# JWT SETTINGS START # JWT SETTINGS START
if not os.environ.get("JWT_PRIVATE_KEY"):
os.environ["JWT_PRIVATE_KEY"] = _read_secret_file("/vault/secrets/django-jwt-private")
if not os.environ.get("JWT_PUBLIC_KEY"):
os.environ["JWT_PUBLIC_KEY"] = _read_secret_file("/vault/secrets/django-jwt-public")
# --------------------------------------------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------------------------------------------
SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer") SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer")
@ -122,7 +126,7 @@ data:
AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API) AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API)
BASE_AERO_URL = "http://backend-svc.django.svc.cluster.local:8000" BASE_AERO_URL = "http://backend-svc.django.svc.cluster.local:80"
ENVIRONMENT = "production" ENVIRONMENT = "production"
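Review bot: The block added under `# JWT SETTINGS START` copies the private signing key from `/vault/secrets/django-jwt-private` into `os.environ`, where every child process inherits it and where it can surface in environment dumps or error reports. How the key is consumed further down is not visible in these hunks; if the settings only read it once, keep it in a module-level name instead, e.g. `JWT_PRIVATE_KEY = os.environ.get("JWT_PRIVATE_KEY") or _read_secret_file("/vault/secrets/django-jwt-private")`. `_read_secret_file` is defined outside the visible hunks; it should raise on a missing or empty file so the service cannot start with an empty key. A short comment above the block stating that the Vault file is only a fallback when the variable is unset would document the precedence.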
