--- apiVersion: apps/v1 kind: Deployment metadata: name: inspections-backend namespace: inspections labels: app: inspections-backend spec: replicas: 1 selector: matchLabels: app: inspections-backend template: metadata: labels: app: inspections-backend annotations: traffic.sidecar.istio.io/excludeOutboundPorts: "8200" vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/auth-path: auth/kubernetes vault.hashicorp.com/role: inspections vault.hashicorp.com/agent-inject-secret-inspections-db: secrets/data/postgresql/apps/inspections vault.hashicorp.com/agent-inject-template-inspections-db: |- {{- with secret "secrets/data/postgresql/apps/inspections" -}} DATABASE_HOST=postgresql.inspections.svc.cluster.local DATABASE_PORT=5432 DATABASE_NAME=inspections_db DATABASE_USER={{ index .Data.data "username" }} DATABASE_PASSWORD={{ index .Data.data "password" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-inspections-kafka: secrets/data/kafka/apps/inspections vault.hashicorp.com/agent-inject-template-inspections-kafka: |- {{- with secret "secrets/data/kafka/apps/inspections" -}} KAFKA_HOST={{ index .Data.data.auth "bootstrap_servers" }} KAFKA_USERNAME={{ index .Data.data "username" }} KAFKA_PASSWORD={{ index .Data.data "password" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-inspections-django-auth: secrets/data/vault/common/django_auth vault.hashicorp.com/agent-inject-template-inspections-django-auth: |- {{- with secret "secrets/data/vault/common/django_auth" -}} SAREX_BACKEND_AUTH={{ index .Data.data "key" }} {{- end -}} spec: serviceAccountName: inspections-vault containers: - name: inspections-backend image: cr.yandex/crp3ccidau046kdj8g9q/sarex-inspections:production_1a33f6f4 imagePullPolicy: IfNotPresent command: ["/bin/bash", "-ec"] args: - | set -a [ -f /vault/secrets/inspections-db ] && . /vault/secrets/inspections-db [ -f /vault/secrets/inspections-kafka ] && . /vault/secrets/inspections-kafka [ -f /vault/secrets/inspections-django-auth ] && . /vault/secrets/inspections-django-auth set +a exec ./entrypoint.sh ports: - name: http containerPort: 8000 protocol: TCP env: - name: DEBUG value: "false" - name: SERVICE_URL value: https://srx.wb.ru - name: HTTP_APP_HOST value: 0.0.0.0 - name: HTTP_APP_PORT value: "8000" - name: HTTP_APP_ROOT_PATH value: /inspections - name: HTTP_APP_WORKERS value: "3" - name: HTTP_APP_ADMIN_ENABLE value: "true" - name: KAFKA_SSL_CAFILE value: /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt - name: KAFKA_EAV_ASSETS_TOPIC value: assets_broadcast - name: JWT_AUTH_ENABLE value: "true" - name: NOTIFICATIONS_ENABLE value: "true" - name: NOTIFICATIONS_EMAIL_FROM value: hello@sarex.io - name: SAREX_BACKEND_URL value: https://srx.wb.ru - name: SAREX_BACKEND_TIMEOUT value: "30" - name: EAV_URL value: http://eav-service.eav - name: EAV_TIMEOUT value: "30" - name: WORKFLOWS_URL value: http://workflows-service.processing-prod - name: WORKFLOWS_TIMEOUT value: "30" - name: WORKFLOWS_EMAIL_DOCKER_IMAGE value: cr.yandex/crp3ccidau046kdj8g9q/notification:email - name: MOBILE_APP_CURRENT_VERSION value: 1.0.0 - name: MOBILE_APP_RECOMMENDED_VERSION value: 1.0.0 - name: MOBILE_APP_REQUIRED_VERSION value: 1.0.0 - name: MAILER_URL value: http://mailer-service.mailer:8000 - name: MAILER_TIMEOUT value: "30" resources: requests: cpu: "25m" memory: 128Mi imagePullSecrets: - name: regcred