sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
iac/apps/eav/base/backend-deployment.yaml

118 lines
4.0 KiB
YAML
Raw Permalink Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: eav
labels:
app: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: eav
vault.hashicorp.com/agent-inject-secret-eav-db: secrets/data/postgresql/apps/eav
vault.hashicorp.com/agent-inject-template-eav-db: |-
{{- with secret "secrets/data/postgresql/apps/eav" -}}
DJANGO_POSTGRES_HOST=postgresql.eav.svc.cluster.local
DJANGO_POSTGRES_PORT=5432
DJANGO_POSTGRES_DATABASE=eav_db
DJANGO_POSTGRES_USER={{ index .Data.data "username" }}
DJANGO_POSTGRES_PASSWORD={{ index .Data.data "password" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-eav-s3: secrets/data/minio/apps/eav
vault.hashicorp.com/agent-inject-template-eav-s3: |-
{{- with secret "secrets/data/minio/apps/eav" -}}
YC_S3_ENDPOINT_URL={{ index .Data.data.client "endpoint" }}
YC_S3_BUCKET_NAME=eav
YC_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
YC_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-eav-jwt-private: secrets/data/vault/common/rsa_keys
vault.hashicorp.com/agent-inject-template-eav-jwt-private: |-
{{- with secret "secrets/data/vault/common/rsa_keys" -}}
{{ index .Data.data "private_key" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-eav-jwt-public: secrets/data/vault/common/rsa_keys
vault.hashicorp.com/agent-inject-template-eav-jwt-public: |-
{{- with secret "secrets/data/vault/common/rsa_keys" -}}
{{ index .Data.data "public_key" }}
{{- end -}}
spec:
serviceAccountName: eav-vault
volumes:
- name: django-configmap
configMap:
name: django-configmap
items:
- key: production.py
path: production.py
defaultMode: 420
containers:
- name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-ec"]
args:
- |
set -a
[ -f /vault/secrets/eav-db ] && . /vault/secrets/eav-db
[ -f /vault/secrets/eav-s3 ] && . /vault/secrets/eav-s3
[ -f /vault/secrets/eav-jwt-private ] && export JWT_PRIVATE_KEY="$(cat /vault/secrets/eav-jwt-private)"
[ -f /vault/secrets/eav-jwt-public ] && export JWT_PUBLIC_KEY="$(cat /vault/secrets/eav-jwt-public)"
set +a
exec /server/entrypoint.sh
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: KAFKA_ENABLED
value: "False"
- name: ASSETS_TOPIC
value: sarex
- name: DJANGO_SETTINGS_MODULE
value: config.settings.production
resources:
requests:
cpu: 25m
memory: 100Mi
volumeMounts:
- name: django-configmap
mountPath: /server/config/settings/production.py
subPath: production.py
livenessProbe:
tcpSocket:
port: 8000
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 3
failureThreshold: 5
readinessProbe:
tcpSocket:
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
imagePullSecrets:
- name: regcred
Reference in New Issue View Git Blame Copy Permalink