iac/apps/attachments/base/helmrelease.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: attachments
  namespace: attachments
spec:
  interval: 10m
  chart:
    spec:
      chart: universal-chart
      version: "0.1.9"
      sourceRef:
        kind: HelmRepository
        name: yc-oci-charts
        namespace: flux-system
      interval: 10m
  install:
    remediation:
      retries: 3
  upgrade:
    remediation:
      retries: 3
  values:
    global:
      env: _default
    services:
      attachments:
        enabled: true
        serviceAccount:
          enabled:
            _default: true
          name:
            _default: attachments-vault
        deployment:
          enabled: true
          name:
            _default: attachments
          replicaCount:
            _default: 1
          port:
            _default: 8000
          command:
            _default: ["/bin/bash", "-ec"]
          args:
            _default:
              - |
                set -a
                [ -f /vault/secrets/attachments-db ] && . /vault/secrets/attachments-db
                [ -f /vault/secrets/attachments-s3 ] && . /vault/secrets/attachments-s3
                set +a
                exec /opt/attachments/entrypoint.sh                
        image:
          name:
            _default: cr.yandex/crp3ccidau046kdj8g9q/attachments:feature_6238c882
          pullPolicy:
            _default: IfNotPresent
        service:
          enabled: true
          name:
            _default: attachments-service
          type:
            _default: ClusterIP
          port:
            _default: 8000
          targetPort:
            _default: 8000
          portName:
            _default: http
        imagePullSecrets:
          enabled:
            _default: true
          name:
            _default: regcred
        envs:
          - name: POSTGRES_POOL_SIZE
            value:
              _default: "10"
          - name: API_ADDRESS
            value:
              _default: 0.0.0.0:8000
        podAnnotations:
          _default:
            traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411,8200"
            vault.hashicorp.com/agent-init-first: "true"
            vault.hashicorp.com/agent-inject: "true"
            vault.hashicorp.com/agent-pre-populate-only: "true"
            vault.hashicorp.com/auth-path: auth/kubernetes
            vault.hashicorp.com/role: attachments
            vault.hashicorp.com/agent-inject-secret-attachments-db: secrets/data/postgresql/apps/attachments
            vault.hashicorp.com/agent-inject-template-attachments-db: |-
              {{- with secret "secrets/data/postgresql/apps/attachments" -}}
              DATABASE_HOST=postgresql.attachments.svc.cluster.local
              DATABASE_PORT=5432
              DATABASE_NAME=attachments_db
              DATABASE_USER={{ index .Data.data "username" }}
              DATABASE_PASSWORD={{ index .Data.data "password" }}
              DATABASE_SSL_MODE=disable
              {{- end -}}              
            vault.hashicorp.com/agent-inject-secret-attachments-s3: secrets/data/minio/apps/attachments
            vault.hashicorp.com/agent-inject-template-attachments-s3: |-
              {{- with secret "secrets/data/minio/apps/attachments" -}}
              YANDEX_S3_ENDPOINT_URL=minio.minio:9000
              YANDEX_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
              YANDEX_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
              YANDEX_S3_USE_SSL=false
              YANDEX_S3_REGION=ru-central
              YANDEX_S3_VERIFY=false
              BUCKET_NAME=attachments
              {{- end -}}