--- apiVersion: apps/v1 kind: Deployment metadata: name: backend namespace: mapper labels: app: backend spec: replicas: 3 selector: matchLabels: app: backend template: metadata: labels: app: backend annotations: traffic.sidecar.istio.io/excludeOutboundPorts: "8200" vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/auth-path: auth/kubernetes vault.hashicorp.com/role: mapper vault.hashicorp.com/agent-inject-secret-mapper-django-auth: secrets/data/vault/common/django_auth vault.hashicorp.com/agent-inject-template-mapper-django-auth: |- {{- with secret "secrets/data/vault/common/django_auth" -}} MAPPER_DJANGO_TOKEN={{ index .Data.data "key" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-mapper-db: secrets/data/postgresql/apps/mapper vault.hashicorp.com/agent-inject-template-mapper-db: |- {{- with secret "secrets/data/postgresql/apps/mapper" -}} MAPPER_DB_USER={{ index .Data.data "username" }} MAPPER_DB_PASSWORD={{ index .Data.data "password" }} MAPPER_DB_HOST=postgresql.mapper.svc.cluster.local MAPPER_DB_PORT=5432 MAPPER_DB_NAME=mapper_db {{- end -}} vault.hashicorp.com/agent-inject-secret-mapper-rabbitmq: secrets/data/rabbitmq/apps/mapper vault.hashicorp.com/agent-inject-template-mapper-rabbitmq: |- {{- with secret "secrets/data/rabbitmq/apps/mapper" -}} MAPPER_RABBITMQ_VHOST={{ index .Data.data "vhost" }} MAPPER_RABBITMQ_USERNAME={{ index .Data.data "username" }} MAPPER_RABBITMQ_PASSWORD={{ index .Data.data "password" }} MAPPER_RABBITMQ_HOST=rabbitmq.rabbitmq.svc.cluster.local MAPPER_RABBITMQ_PORT=5672 {{- end -}} vault.hashicorp.com/agent-inject-secret-mapper-s3: secrets/data/minio/apps/mapper vault.hashicorp.com/agent-inject-template-mapper-s3: |- {{- with secret "secrets/data/minio/apps/mapper" -}} MAPPER_S3_ENDPOINT={{ index .Data.data.client "endpoint" }} MAPPER_S3_REGION={{ index .Data.data.client "region" }} MAPPER_S3_BUCKET=mapper MAPPER_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }} MAPPER_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-mapper-kafka: secrets/data/kafka/apps/mapper vault.hashicorp.com/agent-inject-template-mapper-kafka: |- {{- with secret "secrets/data/kafka/apps/mapper" -}} MAPPER_KAFKA_BOOTSTRAP_SERVERS={{ index .Data.data.auth "bootstrap_servers" }} MAPPER_KAFKA_SECURITY_PROTOCOL={{ index .Data.data.auth "security_protocol" }} MAPPER_KAFKA_SASL_MECHANISM={{ index .Data.data.auth "sasl_mechanism" }} MAPPER_KAFKA_USERNAME={{ index .Data.data "username" }} MAPPER_KAFKA_PASSWORD={{ index .Data.data "password" }} {{- end -}} spec: serviceAccountName: mapper-vault containers: - name: backend image: cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34 imagePullPolicy: IfNotPresent command: ["/bin/bash", "-ec"] args: - | set -a [ -f /vault/secrets/mapper-django-auth ] && . /vault/secrets/mapper-django-auth [ -f /vault/secrets/mapper-db ] && . /vault/secrets/mapper-db [ -f /vault/secrets/mapper-rabbitmq ] && . /vault/secrets/mapper-rabbitmq [ -f /vault/secrets/mapper-s3 ] && . /vault/secrets/mapper-s3 [ -f /vault/secrets/mapper-kafka ] && . /vault/secrets/mapper-kafka set +a exec /bin/bash /opt/entrypoint.sh ports: - name: http containerPort: 8000 protocol: TCP env: - name: DOCUMENTATION_HOST value: https://api.sarex.io/documentations/api/v1 - name: FLOW_HOST value: https://api.sarex.io/flows/api/v1 - name: DJANGO_HOST value: https://lk.sarex.io/api - name: NOTE_HOST value: https://api.sarex.io/notes/api/v1 - name: REDIS_USE value: "0" - name: TIMEOUT value: "120" resources: requests: cpu: "100m" memory: 128Mi imagePullSecrets: - name: regcred