--- apiVersion: apps/v1 kind: Deployment metadata: name: backend namespace: comparisons labels: app: backend spec: replicas: 1 selector: matchLabels: app: backend template: metadata: labels: app: backend annotations: traffic.sidecar.istio.io/excludeOutboundPorts: "8200" vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/auth-path: auth/kubernetes vault.hashicorp.com/role: comparisons vault.hashicorp.com/agent-inject-secret-comparisons-db: secrets/data/postgresql/apps/comparisons vault.hashicorp.com/agent-inject-template-comparisons-db: |- {{- with secret "secrets/data/postgresql/apps/comparisons" -}} DATABASE_HOST=postgresql.comparisons.svc.cluster.local DATABASE_PORT=5432 DATABASE_DB=comparisons_db DATABASE_USER={{ index .Data.data "username" }} DATABASE_PASSWORD={{ index .Data.data "password" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-comparisons-jwt-public: secrets/data/vault/common/rsa_keys vault.hashicorp.com/agent-inject-template-comparisons-jwt-public: |- {{- with secret "secrets/data/vault/common/rsa_keys" -}} {{ index .Data.data "public_key" }} {{- end -}} spec: serviceAccountName: comparisons-vault volumes: - name: tasks-execution-config configMap: name: tasks-execution-config-comparisons-v2 items: - key: tasks-execution-config-comparisons-v2.json path: tasks-execution-config.json containers: - name: backend image: cr.yandex/crp3ccidau046kdj8g9q/comparisons:prod_863df9f0 imagePullPolicy: IfNotPresent command: ["/bin/bash", "-ec"] args: - | set -a [ -f /vault/secrets/comparisons-db ] && . /vault/secrets/comparisons-db [ -f /vault/secrets/comparisons-jwt-public ] && export AUTH_PUBLIC_KEY="$(cat /vault/secrets/comparisons-jwt-public)" set +a exec /app/entrypoint.sh ports: - name: http containerPort: 8000 protocol: TCP env: - name: APP_NAME value: comparisons - name: APP_VERSION value: 0.0.1 - name: LOGGER_LOG_LEVEL value: info - name: DATABASE_NAME value: postgres - name: ENABLE_SSL value: "false" - name: POSTGRES_POOL_SIZE value: "10" - name: HTTP_PORT value: "8000" - name: DOCUMENTATIONS_INTERNAL_HOST value: http://documentations-service.documentations - name: DOCUMENTATIONS_EXTERNAL_HOST value: https://api.sarex.io/documentations - name: WORKFLOWS_HOST value: http://workflows-service.processing - name: WORKFLOWS_IMAGE_VERSION value: master - name: WORKFLOWS_DJANGO_HOST value: https://lk.sarex.io - name: WORKFLOWS_BIMV2_INTERNAL_HOST value: http://bim-backend-v2-service.bim-api - name: WORKSPACES_HOST value: http://workspaces-service.workspaces - name: EAV_HOST value: https://api.sarex.io/eav - name: LAST_MASTER_BIM value: "36311" - name: LAST_SLAVE_1_BIM value: "94015" - name: LAST_SLAVE_2_BIM value: "135771" - name: ABAP_FIXED_CONC value: "0" - name: WORKFLOWS_CONFIG_FILEPATH value: /etc/app/tasks-execution-config.json resources: requests: cpu: 100m memory: 100Mi volumeMounts: - name: tasks-execution-config readOnly: true mountPath: /etc/app/tasks-execution-config.json subPath: tasks-execution-config.json livenessProbe: httpGet: path: /ping port: 8000 initialDelaySeconds: 10 periodSeconds: 60 failureThreshold: 10 readinessProbe: httpGet: path: /ping port: 8000 initialDelaySeconds: 5 periodSeconds: 5 failureThreshold: 20 imagePullSecrets: - name: regcred