--- apiVersion: apps/v1 kind: Deployment metadata: name: pdm-api namespace: documentations labels: app: pdm-api service: pdm-api spec: replicas: 1 selector: matchLabels: app: pdm-api template: metadata: labels: app: pdm-api service: pdm-api annotations: traffic.sidecar.istio.io/excludeOutboundPorts: "8200" vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/auth-path: auth/kubernetes vault.hashicorp.com/role: documentations vault.hashicorp.com/agent-inject-secret-documentations-postgresql: secrets/data/postgresql/apps/documentations vault.hashicorp.com/agent-inject-template-documentations-postgresql: |- {{- with secret "secrets/data/postgresql/apps/documentations" -}} POSTGRES_ADDRESS=postgresql.documentations.svc.cluster.local POSTGRES_PORT=5432 POSTGRES_DB=documentations_db POSTGRES_USER={{ index .Data.data "username" }} POSTGRES_PASSWORD={{ index .Data.data "password" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-documentations-common: secrets/data/vault/common/django_auth vault.hashicorp.com/agent-inject-template-documentations-common: |- {{- with secret "secrets/data/vault/common/django_auth" -}} DJANGO_BASIC_AUTH={{ index .Data.data "key" }} RELEASES_TOKEN={{ index .Data.data "documentations_releases_token" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-documentations-s3-account-json: secrets/data/vault/common/django_auth vault.hashicorp.com/agent-inject-template-documentations-s3-account-json: |- {{- with secret "secrets/data/vault/common/django_auth" -}} {{ index .Data.data "documentations_s3_service_account_json" }} {{- end -}} vault.hashicorp.com/agent-inject-secret-documentations-rsa-public: secrets/data/vault/common/rsa_keys vault.hashicorp.com/agent-inject-template-documentations-rsa-public: |- {{- with secret "secrets/data/vault/common/rsa_keys" -}} {{ index .Data.data "public_key" }} {{- end -}} spec: serviceAccountName: documentations-vault containers: - name: pdm-api image: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_38958427 imagePullPolicy: IfNotPresent command: ["/bin/sh", "-ec"] args: - | set -a [ -f /vault/secrets/documentations-postgresql ] && . /vault/secrets/documentations-postgresql [ -f /vault/secrets/documentations-common ] && . /vault/secrets/documentations-common [ -f /vault/secrets/documentations-rsa-public ] && export PUBLIC_KEY="$(cat /vault/secrets/documentations-rsa-public)" set +a exec ./httpserver ports: - name: http containerPort: 8080 protocol: TCP env: - name: USE_EXPERIMENTAL value: "true" - name: POSTGRES_POOL_SIZE value: "20" - name: TRANSMITTALS_BASE_URL value: mock - name: API_ADDRESS value: 0.0.0.0:8080 - name: API_ADDRESS_FILE value: 0.0.0.0:8080 - name: BUCKET_NAME value: attachments-storage - name: API_HOST_PREFIX value: / - name: APP_NAME value: pdm_v2 - name: APP_VERSION value: 0.0.1 - name: ENABLE_PERMISSIONS_FILTER value: "1" - name: PERMISSIONS_FILTER_COMPANIES value: '[1]' - name: TRANSMITTALS_ENABLE value: "false" - name: DRAWINGS_INTERNAL_URL value: http://drawings-api-service.drawings.svc.cluster.local:80 - name: ATTACHMENTS_URL value: http://attachments-service.attachments.svc.cluster.local:8000 - name: BIM_API_V2_URL value: http://backend-service.bim.svc.cluster.local:8000/ - name: BIM_V2_HOST value: http://backend-service.bim.svc.cluster.local:8000/ - name: CACHE_CLEANUP_INTERVAL value: 60s - name: CACHE_DEFAULT_EXPIRATION value: 60s - name: DJANGO_HOST value: http://backend-svc.django.svc.cluster.local:80 - name: DJANGO_ORIGINATOR value: docs_prod - name: DOCUMENTATION_URL value: http://documentations-api.documentations.svc.cluster.local:8080/ - name: EAV_URL value: http://eav-service.eav.svc.cluster.local:8000 - name: ENABLE_OBSERVABILITY value: "false" - name: ENABLE_S3 value: "1" - name: ENABLE_SSL value: "0" - name: ENVIRONMENT value: prod - name: FLOWS_URL value: http://backend-service.flows.svc.cluster.local:8000 - name: HEIGHT_THUMB_ATTACHMENTS value: "300" - name: HEIGHT_THUMB_STATES value: "73" - name: HTTP_PORT value: "8080" - name: INSPECTIONS_URL value: http://inspections-service.inspections.svc.cluster.local:80 - name: LOG_LEVEL value: INFO - name: NOTES_URL - name: OBSERVABILITY_COLLECTOR_ENDPOINT value: temp - name: READ_WRITE_TIMEOUT_FILE_STREAM value: 6h - name: RELEASES_URL value: https://gitlab.com - name: REMARKS_URL value: http://remarks-static-service.remarks.svc.cluster.local:8080/remarks - name: RESOURCES_URL value: http://backend-svc.resources.svc.cluster.local:80 - name: S3_SERVICE_ACCOUNT value: /vault/secrets/documentations-s3-account-json - name: STATES_URL value: http://workspaces-service.workspaces.svc.cluster.local:8000/ - name: SUBSCRIPTIONS_URL value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80 - name: SYSTEM_LOG_URL value: http://api-service.system-log.svc.cluster.local:8000 - name: TARGET_URL value: http://backend-svc.django.svc.cluster.local:80 - name: USE_CACHE_IN_FILE_STREAMER value: "1" - name: USE_SUBSCRIPTIONS value: "false" - name: WIDTH_THUMB_ATTACHMENTS value: "300" - name: WIDTH_THUMB_STATES value: "120" - name: WORKFLOWS_IMAGES_VERSION value: master - name: WORKFLOW_IMAGES_VERSION value: master - name: WORKFLOW_URL value: http://workflows-api-service.workflow.svc.cluster.local:8000/ - name: WORKSPACE_BUNDLE_VERSION value: v1 - name: WORKSPACE_URL value: http://workspaces-service.workspaces.svc.cluster.local:8000/ resources: requests: cpu: "1" memory: 1Gi imagePullSecrets: - name: regcred