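---
# Deployment of the "backend" API container in the "pm" namespace.
# Credentials are not stored in this manifest: the Vault agent injector renders
# them into files under /vault/secrets/, and the container command sources those
# files into the environment before starting the application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: pm
  labels:
    app: backend
    service: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
        service: api
      annotations:
        # Outbound traffic to port 8200 bypasses the Istio sidecar.
        # NOTE(review): presumably this is the Vault listener, excluded so the
        # init container can reach it before the sidecar is up - confirm.
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        # Init-container-only injection: secrets are rendered once at pod start
        # and are not refreshed, so a rotated credential needs a pod restart.
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: pm
        # Each template below renders KEY=value lines that the container sources
        # with bash. The values are written unquoted, so a secret containing
        # whitespace or shell metacharacters ($, `, ;, quotes) would be
        # interpreted by the shell instead of being assigned literally.
        # NOTE(review): constrain the secret alphabet or shell-quote the values.
        vault.hashicorp.com/agent-inject-secret-pm-db: secrets/data/postgresql/apps/pm
        vault.hashicorp.com/agent-inject-template-pm-db: |-
          {{- with secret "secrets/data/postgresql/apps/pm" -}}
          DB_USERNAME={{ index .Data.data "username" }}
          DB_PASSWORD={{ index .Data.data "password" }}
          DB_DATABASE=pm_db
          DB_HOST=postgresql.pm.svc.cluster.local
          DB_PORT=5432
          {{- end -}}
        vault.hashicorp.com/agent-inject-secret-pm-rabbitmq: secrets/data/rabbitmq/apps/pm
        vault.hashicorp.com/agent-inject-template-pm-rabbitmq: |-
          {{- with secret "secrets/data/rabbitmq/apps/pm" -}}
          CELERY_RABBITMQ_HOST=rabbitmq.rabbitmq.svc.cluster.local
          CELERY_RABBITMQ_PORT=5672
          CELERY_RABBITMQ_USER={{ index .Data.data "username" }}
          CELERY_RABBITMQ_PASSWORD={{ index .Data.data "password" }}
          CELERY_RABBITMQ_VHOST={{ index .Data.data "vhost" }}
          {{- end -}}
        # The action closing the S3_BUCKET line is `{{- end }}` without a
        # right-trim: a right-trimming `-}}` there removes the following newline
        # and glues "S3_VERIFY=False" onto the bucket name, which leaves
        # S3_BUCKET wrong and S3_VERIFY unset.
        # NOTE(review): S3_VERIFY=False looks like it turns off TLS certificate
        # verification for the object store - confirm, and prefer trusting the
        # store's CA over disabling verification.
        vault.hashicorp.com/agent-inject-secret-pm-s3: secrets/data/minio/apps/pm
        vault.hashicorp.com/agent-inject-template-pm-s3: |-
          {{- with secret "secrets/data/minio/apps/pm" -}}
          S3_HOST={{ index .Data.data.client "endpoint" }}
          S3_LOGIN={{ index .Data.data "access_key" }}
          S3_PASSWORD={{ index .Data.data "secret_key" }}
          {{- $buckets := index .Data.data "buckets" }}
          S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}pm-bucket{{- end }}
          S3_VERIFY=False
          {{- end -}}
    spec:
      # Service account used by the pod; the Vault annotations above
      # authenticate through auth/kubernetes with role "pm".
      serviceAccountName: pm-vault
      # NOTE(review): no pod- or container-level securityContext is set, so the
      # container runs with the image and runtime defaults (user, capabilities,
      # writable root filesystem, privilege escalation).
      containers:
        - name: api
          # NOTE(review): the image is referenced by tag with IfNotPresent; a
          # tag can be re-pushed, so nodes may end up running different content.
          # Pinning by digest makes the deployed image verifiable.
          image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d
          imagePullPolicy: IfNotPresent
          command: ["/bin/bash", "-ec"]
          # `set -a` exports every variable assigned while the secret files are
          # sourced. A missing file is skipped silently (the `[ -f ... ] &&`
          # guard does not trip `-e`), so the application would start without
          # that credential set rather than fail at this point.
          args:
            - |
              set -a
              [ -f /vault/secrets/pm-db ] && . /vault/secrets/pm-db
              [ -f /vault/secrets/pm-rabbitmq ] && . /vault/secrets/pm-rabbitmq
              [ -f /vault/secrets/pm-s3 ] && . /vault/secrets/pm-s3
              set +a
              exec /opt/sarex/entrypoint.sh
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            # In-cluster service endpoints (plain HTTP).
            - name: USERS_INTERNAL_HOST
              value: http://backend-service.sarex.svc.cluster.local:8000
            - name: CELERY_REDIS_HOST
              value: redis.pm.svc.cluster.local
            - name: RESOURCES_INTERNAL_HOST
              value: http://sarex-resources-service.resources
            - name: EAV_HOST
              value: http://eav-service.eav
            - name: EAV_API_PREFIX
              value: /api/v0
            - name: EAV_API_PREFIX_V1
              value: /api/v1
            - name: TRACING_INSECURE
              value: "False"
            - name: SERVER_ENABLE_SYNC_RESOURCES
              value: "True"
            - name: SERVER_DELETED_TASK_MAX_AGE_DAYS
              value: "1"
            - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR
              value: "17"
            - name: LANG
              value: C.UTF-8
            - name: LC_ALL
              value: C.UTF-8
            - name: PYTHONUTF8
              value: "1"
            - name: CACHE_SSL
              value: "False"
            - name: CACHE_SSL_CA_CERTS
              value: ""
            - name: CACHE_ENABLE
              value: "False"
            - name: CLICKHOUSE_ENABLE
              value: "False"
            - name: KAFKA_ENABLE
              value: "False"
            - name: AUTH_PUBLIC_TOKEN_URL
              value: "https://lk.sarex.io/api/token/public/"
            - name: SERVER_HOST
              value: "https://lk.sarex.io"
            - name: SERVER_API_HOST
              value: "https://api.sarex.io"
            - name: SERVER_DEBUG
              value: "False"
            # NOTE(review): a wildcard host allow-list accepts any Host header;
            # listing the served hostnames is the tighter setting - confirm how
            # the application uses this value.
            - name: SERVER_ALLOWED_HOSTS
              value: '["*"]'
            - name: SERVER_USE_OTEL
              value: "False"
            # NOTE(review): presumably disables TLS certificate verification for
            # the server's outbound requests, including the https:// endpoints
            # above - confirm, and enable verification for a production image.
            - name: SERVER_VERIFY_SSL
              value: "False"
            - name: SERVER_LOG_LEVEL
              value: "INFO"
          # Only requests are declared; without limits the container's CPU and
          # memory use is bounded only by the node or a namespace LimitRange.
          resources:
            requests:
              cpu: "25m"
              memory: 128Mi
      imagePullSecrets:
        - name: regcred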