apiVersion: apps/v1 kind: Deployment metadata: name: backend namespace: eav labels: app: backend spec: replicas: 1 selector: matchLabels: app: backend template: metadata: labels: app: backend annotations: traffic.sidecar.istio.io/excludeOutboundPorts: "8200" vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/auth-path: auth/kubernetes vault.hashicorp.com/role: eav vault.hashicorp.com/agent-inject-secret-eav-db: secrets/data/postgresql/apps/eav vault.hashicorp.com/agent-inject-template-eav-db: |- {{- with secret "secrets/data/postgresql/apps/eav" -}} DJANGO_POSTGRES_HOST=postgresql.eav.svc.cluster.local DJANGO_POSTGRES_PORT=5432 DJANGO_POSTGRES_DATABASE=eav_db DJANGO_POSTGRES_USER={{ index .Data.data "username" }} DJANGO_POSTGRES_PASSWORD={{ index .Data.data "password" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-eav-s3: secrets/data/minio/apps/eav vault.hashicorp.com/agent-inject-template-eav-s3: |- {{- with secret "secrets/data/minio/apps/eav" -}} YC_S3_ENDPOINT_URL={{ index .Data.data.client "endpoint" }} YC_S3_BUCKET_NAME=eav YC_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }} YC_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-eav-jwt-private: secrets/data/vault/common/rsa_keys vault.hashicorp.com/agent-inject-template-eav-jwt-private: |- {{- with secret "secrets/data/vault/common/rsa_keys" -}} {{ index .Data.data "private_key" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-eav-jwt-public: secrets/data/vault/common/rsa_keys vault.hashicorp.com/agent-inject-template-eav-jwt-public: |- {{- with secret "secrets/data/vault/common/rsa_keys" -}} {{ index .Data.data "public_key" }} {{- end -}} spec: serviceAccountName: eav-vault volumes: - name: django-configmap configMap: name: django-configmap items: - key: production.py path: production.py defaultMode: 420 containers: - name: backend image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247 imagePullPolicy: IfNotPresent command: ["/bin/sh", "-ec"] args: - | set -a [ -f /vault/secrets/eav-db ] && . /vault/secrets/eav-db [ -f /vault/secrets/eav-s3 ] && . /vault/secrets/eav-s3 [ -f /vault/secrets/eav-jwt-private ] && export JWT_PRIVATE_KEY="$(cat /vault/secrets/eav-jwt-private)" [ -f /vault/secrets/eav-jwt-public ] && export JWT_PUBLIC_KEY="$(cat /vault/secrets/eav-jwt-public)" set +a exec /server/entrypoint.sh ports: - name: http containerPort: 8000 protocol: TCP env: - name: KAFKA_ENABLED value: "False" - name: ASSETS_TOPIC value: sarex - name: DJANGO_SETTINGS_MODULE value: config.settings.production resources: requests: cpu: 100m memory: 100Mi volumeMounts: - name: django-configmap mountPath: /server/config/settings/production.py subPath: production.py livenessProbe: tcpSocket: port: 8000 initialDelaySeconds: 20 periodSeconds: 30 timeoutSeconds: 3 failureThreshold: 5 readinessProbe: tcpSocket: port: 8000 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 6 imagePullSecrets: - name: regcred