---
# Deployment for the documentations-api service in the "documentations"
# namespace. Secrets are rendered into files under /vault/secrets by the Vault
# Agent injector (pod annotations below); a shell wrapper in the container
# loads some of them into the environment and then execs /app/entrypoint.sh.
# Line structure is restored from a collapsed listing; keys and values are
# as given in the original.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: documentations-api
  namespace: documentations
  labels:
    app: documentations-api
    service: documentations-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: documentations-api
  template:
    metadata:
      labels:
        app: documentations-api
        service: documentations-api
      annotations:
        # Outbound traffic to port 8200 (Vault's default API port) is excluded
        # from Istio sidecar redirection, so mesh mTLS and mesh policy do not
        # apply to it.
        # NOTE(review): confirm the injector talks to Vault over TLS; the Vault
        # address is not visible in this manifest.
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        # Run the Vault Agent init container before any other init container.
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        # Init container only, no agent sidecar: secrets are rendered once at
        # pod start and are not refreshed afterwards. A rotated credential in
        # Vault only reaches this workload after a pod restart.
        vault.hashicorp.com/agent-pre-populate-only: "true"
        # Kubernetes auth method; the pod authenticates with the token of the
        # service account named in spec.serviceAccountName below.
        # NOTE(review): verify the Vault role is bound to that service account
        # and this namespace only, and that its policy covers no more than the
        # three secret paths read below.
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: documentations
        # Rendered to /vault/secrets/documentations-postgresql as KEY=VALUE
        # lines, which the container start script sources with `.`.
        # NOTE(review): the username and password are written unquoted into a
        # file that /bin/sh evaluates. A value containing whitespace or shell
        # metacharacters would be split or interpreted by the shell instead of
        # being assigned literally. Prefer emitting shell-quoted values from
        # the template, or have the application read the file without passing
        # it through the shell.
        vault.hashicorp.com/agent-inject-secret-documentations-postgresql: secrets/data/postgresql/apps/documentations
        vault.hashicorp.com/agent-inject-template-documentations-postgresql: |-
          {{- with secret "secrets/data/postgresql/apps/documentations" -}}
          POSTGRES_ADDRESS=postgresql.documentations.svc.cluster.local
          POSTGRES_PORT=5432
          POSTGRES_DB=documentations_db
          POSTGRES_USER={{ index .Data.data "username" }}
          POSTGRES_PASSWORD={{ index .Data.data "password" }}
          {{- end -}}
        # Rendered to /vault/secrets/documentations-common and sourced by the
        # start script; the unquoted-value concern noted on the postgresql
        # template applies here as well.
        # NOTE(review): DJANGO_BASIC_AUTH and DJANGO_BASIC_AUTH_FOR_GET_USER
        # are both filled from the same field ("key"); confirm that sharing one
        # credential for both is intended.
        # NOTE(review): this secret lives under a "common" path. If it also
        # holds fields belonging to other services, this pod's Vault role can
        # read them too; consider a per-service secret path.
        vault.hashicorp.com/agent-inject-secret-documentations-common: secrets/data/vault/common/django_auth
        vault.hashicorp.com/agent-inject-template-documentations-common: |-
          {{- with secret "secrets/data/vault/common/django_auth" -}}
          DJANGO_BASIC_AUTH={{ index .Data.data "key" }}
          DJANGO_BASIC_AUTH_FOR_GET_USER={{ index .Data.data "key" }}
          DOCUMENT_PUBLIC_LINK_JWT_SECRET={{ index .Data.data "documentations_public_link_jwt_secret" }}
          {{- end -}}
        # Rendered verbatim to /vault/secrets/documentations-s3-account-json;
        # the container receives only the file path (S3_SERVICE_ACCOUNT).
        vault.hashicorp.com/agent-inject-secret-documentations-s3-account-json: secrets/data/vault/common/django_auth
        vault.hashicorp.com/agent-inject-template-documentations-s3-account-json: |-
          {{- with secret "secrets/data/vault/common/django_auth" -}}
          {{ index .Data.data "documentations_s3_service_account_json" }}
          {{- end -}}
        # Rendered verbatim to /vault/secrets/documentations-zitadel-account-json;
        # the container receives only the file path (ZITADEL_ACCOUNT).
        vault.hashicorp.com/agent-inject-secret-documentations-zitadel-account-json: secrets/data/vault/common/django_auth
        vault.hashicorp.com/agent-inject-template-documentations-zitadel-account-json: |-
          {{- with secret "secrets/data/vault/common/django_auth" -}}
          {{ index .Data.data "documentations_zitadel_account_json" }}
          {{- end -}}
        # Public half of an RSA key pair, rendered to
        # /vault/secrets/documentations-rsa-public and exported as PUBLIC_KEY.
        vault.hashicorp.com/agent-inject-secret-documentations-rsa-public: secrets/data/vault/common/rsa_keys
        vault.hashicorp.com/agent-inject-template-documentations-rsa-public: |-
          {{- with secret "secrets/data/vault/common/rsa_keys" -}}
          {{ index .Data.data "public_key" }}
          {{- end -}}
    spec:
      # NOTE(review): no pod- or container-level securityContext is set in
      # this manifest. Consider runAsNonRoot, allowPrivilegeEscalation: false,
      # dropping all capabilities and a read-only root filesystem, after
      # confirming the image runs under those constraints.
      serviceAccountName: documentations-vault
      containers:
        - name: documentations-api
          # NOTE(review): the image is referenced by tag, not by digest, and
          # IfNotPresent reuses whatever a node already has cached under that
          # tag. Pinning as <image>@sha256:<DIGEST> (placeholder) makes the
          # deployed content verifiable and immune to tag re-pushes.
          image: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_a9990430
          imagePullPolicy: IfNotPresent
          # Start wrapper run as `/bin/sh -ec <script>`.
          # - `set -a` exports every variable assigned while it is active, so
          #   the sourced database and auth secrets become environment
          #   variables of the entrypoint and of every child it spawns.
          # - Each `[ -f file ] && ...` line is skipped silently when the file
          #   is missing (`-e` does not abort on the left side of `&&`), so a
          #   failed secret render leads to a start without credentials
          #   rather than an immediate error.
          # - PUBLIC_KEY is read with `cat` inside double quotes, so its
          #   content is assigned literally and is not evaluated by the shell,
          #   unlike the two sourced files.
          command: ["/bin/sh", "-ec"]
          args:
            - |
              set -a
              [ -f /vault/secrets/documentations-postgresql ] && . /vault/secrets/documentations-postgresql
              [ -f /vault/secrets/documentations-common ] && . /vault/secrets/documentations-common
              [ -f /vault/secrets/documentations-rsa-public ] && export PUBLIC_KEY="$(cat /vault/secrets/documentations-rsa-public)"
              set +a
              exec /app/entrypoint.sh
          # NOTE(review): the declared container port is 8000, while
          # API_ADDRESS, API_ADDRESS_FILE, HOST and DOCUMENTATION_URL below all
          # use 8080. Confirm which port the process listens on and what the
          # Service targets.
          # NOTE(review): no readiness or liveness probe is defined.
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          # Non-secret configuration. Feature flags are passed as strings in
          # several spellings ("1"/"0", "True"/"False", "true"/"false").
          # NOTE(review): confirm the application parses each flag in the
          # spelling used here; a security-relevant flag that is misread could
          # fall back to an unintended default.
          env:
            - name: POSTGRES_POOL_SIZE
              value: "20"
            # Path to the Vault-rendered Zitadel account JSON file.
            - name: ZITADEL_ACCOUNT
              value: /vault/secrets/documentations-zitadel-account-json
            - name: ZITADEL_DOMAIN
              value: zitadel-srx.wb.ru
            - name: USE_ZITADEL
              value: "1"
            # NOTE(review): this and the other in-cluster service URLs below
            # use plain http. Presumably the Istio sidecar provides transport
            # security between pods; confirm that mTLS is enforced for these
            # namespaces.
            - name: FLOWS_URL
              value: http://backend-service.flows.svc.cluster.local:8000
            - name: LAST_MASTER_BIM
              value: "36311"
            # Listens on all interfaces, port 8080.
            - name: API_ADDRESS
              value: 0.0.0.0:8080
            - name: API_ADDRESS_FILE
              value: 0.0.0.0:8080
            - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
              value: "5"
            - name: ENABLE_SQL_QUERY
              value: "0"
            # NOTE(review): SSL is switched off here; presumably TLS is
            # terminated outside this container. Confirm.
            - name: ENABLE_SSL
              value: "0"
            - name: WORKSPACE_V2_EXTERNAL_URL
              value: https://srx.wb.ru/workspaces-v2/
            - name: ENABLE_S3
              value: "1"
            - name: CONTAINER_REGISTRY
              value: cr.yandex/crp3ccidau046kdj8g9q
            - name: ENVIRONMENT
              value: production
            - name: LAST_SLAVE_1_BIM
              value: "1000000"
            - name: HOST
              value: http://documentations-api.documentations.svc.cluster.local:8080
            - name: FILE_STREAM_HOST
              value: srx.wb.ru
            - name: DOCUMENTATION_URL
              value: http://documentations-api.documentations.svc.cluster.local:8080/
            - name: WORKFLOW_URL
              value: http://workflows-api-service.workflow.svc.cluster.local:8000/
            - name: WORKSPACE_URL
              value: http://workspaces-service.workspaces.svc.cluster.local:8000/
            - name: BIM_API_URL
              value: http://bim-api-service.bim.svc.cluster.local:8080/
            - name: BIM_API_V2_URL
              value: http://backend-service.bim.svc.cluster.local:8000/
            - name: WORKSPACE_BUNDLE_VERSION
              value: v1
            - name: SYSTEM_LOG_URL
              value: http://api-service.system-log.svc.cluster.local:8000
            - name: DJANGO_HOST
              value: http://backend.django.svc.cluster.local:8000
            - name: MARKS_PROCESSING_URL
              value: http://marks-service:8000
            - name: PUBLIC_LINK_HOST
              value: https://document-link-srx.wb.ru
            - name: NAMESPACE
              value: documentations
            - name: DJANGO_ORIGINATOR
              value: docs_prod
            # NOTE(review): "master" looks like a mutable branch tag for
            # images this service launches; if so, production would run
            # whatever was last pushed under that tag. Confirm and pin.
            - name: WORKFLOW_IMAGES_VERSION
              value: master
            - name: WORKFLOWS_IMAGES_VERSION
              value: master
            # Path to the Vault-rendered S3 service-account JSON file.
            - name: S3_SERVICE_ACCOUNT
              value: /vault/secrets/documentations-s3-account-json
            - name: READ_WRITE_TIMEOUT_FILE_STREAM
              value: 6h
            - name: CACHE_DEFAULT_EXPIRATION
              value: 60s
            - name: ENABLE_SMTP
              value: "True"
            - name: ENABLE_MAILGUN
              value: "False"
            - name: CACHE_CLEANUP_INTERVAL
              value: 60s
            - name: ENABLE_AUTH_JWT_IN_URL
              value: "false"
            # NOTE(review): with signatures carried in URLs, the signed links
            # can end up in access logs, proxies and Referer headers; make
            # sure they are short-lived and scoped to one resource.
            - name: ENABLE_SIGNATURE_IN_URL
              value: "true"
            - name: USE_CACHE_IN_FILE_STREAMER
              value: "0"
            # NOTE(review): no password or TLS setting for the Valkey/Redis
            # endpoint is visible in this manifest; confirm how access to it
            # is restricted.
            - name: VALKEY_ADDR
              value: redis:6379
            - name: VALKEY_HOST
              value: redis
            - name: VALKEY_PORT
              value: "6379"
          # NOTE(review): only requests are set. Without limits a runaway or
          # abused process can consume node memory and CPU beyond its request.
          resources:
            requests:
              cpu: "1"
              memory: 1Gi
      # Registry credentials used to pull the image.
      imagePullSecrets:
        - name: regcred