sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5c401a37d1
iac/apps/pm/base/backend-deployment.yaml

324 lines
10 KiB
YAML
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: pm
labels:
app: backend
service: api
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
service: api
spec:
volumes:
- name: ch-cert
configMap:
name: ch-cert
items:
- key: CA.pem
path: RootCA.crt
defaultMode: 420
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: K8S_POD_UID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.uid
- name: K8S_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: K8S_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: OTEL_RESOURCE_ATTRIBUTES
value: >-
k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE)
- name: USERS_INTERNAL_HOST
value: http://backend-service.sarex.svc.cluster.local:8000
- name: CELERY_REDIS_HOST
value: redis-service.pm.svc.cluster.local
- name: RESOURCES_INTERNAL_HOST
value: http://sarex-resources-service.resources
- name: EAV_HOST
value: http://eav-service.eav
- name: EAV_API_PREFIX
value: /api/v0
- name: EAV_API_PREFIX_V1
value: /api/v1
- name: TRACING_ENDPOINT
value: signoz-otel-collector-external.signoz.svc.cluster.local:4317
- name: TRACING_INSECURE
value: "True"
- name: SERVER_ENABLE_SYNC_RESOURCES
value: "True"
- name: SERVER_DELETED_TASK_MAX_AGE_DAYS
value: "1"
- name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR
value: "17"
- name: LANG
value: C.UTF-8
- name: LC_ALL
value: C.UTF-8
- name: PYTHONUTF8
value: "1"
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: password
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: database
- name: DB_HOST
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: host
- name: DB_PORT
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: port
- name: S3_HOST
valueFrom:
secretKeyRef:
name: ya-s3-secret-pm
key: host
- name: S3_LOGIN
valueFrom:
secretKeyRef:
name: ya-s3-secret-pm
key: login
- name: S3_PASSWORD
valueFrom:
secretKeyRef:
name: ya-s3-secret-pm
key: password
- name: S3_BUCKET
valueFrom:
secretKeyRef:
name: ya-s3-secret-pm
key: bucket
- name: CACHE_HOST
valueFrom:
secretKeyRef:
name: cache-secret-pm
key: host
- name: CACHE_PORT
valueFrom:
secretKeyRef:
name: cache-secret-pm
key: port
- name: CACHE_PASSWORD
valueFrom:
secretKeyRef:
name: cache-secret-pm
key: password
- name: CACHE_SSL
valueFrom:
secretKeyRef:
name: cache-secret-pm
key: ssl
- name: CACHE_SSL_CA_CERTS
valueFrom:
secretKeyRef:
name: cache-secret-pm
key: ssl_ca_certs
- name: CACHE_ENABLE
valueFrom:
secretKeyRef:
name: cache-secret-pm
key: enable
- name: CLICKHOUSE_HOST
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: host
- name: CLICKHOUSE_PORT
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: port
- name: CLICKHOUSE_USER
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: user
- name: CLICKHOUSE_PASSWORD
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: password
- name: CLICKHOUSE_DATABASE
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: database
- name: CLICKHOUSE_TABLE
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: table
- name: CLICKHOUSE_SECURE
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: secure
- name: CLICKHOUSE_VERIFY
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: verify
- name: CLICKHOUSE_CERT
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: cert
- name: CLICKHOUSE_ENABLE
valueFrom:
secretKeyRef:
name: clickhouse-secret-pm
key: enable
- name: KAFKA_ENABLE
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: enable
- name: KAFKA_BOOTSTRAP_SERVERS
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: bootstrap_servers
- name: KAFKA_SECURITY_PROTOCOL
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: security_protocol
- name: KAFKA_SASL_MECHANISM
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: sasl_mechanism
- name: KAFKA_SASL_PLAIN_USERNAME
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: sasl_username
- name: KAFKA_SASL_PLAIN_PASSWORD
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: sasl_password
- name: KAFKA_SSL_CAFILE
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: ssl_cafile
- name: KAFKA_TOPICS
valueFrom:
secretKeyRef:
name: ya-kafka-secret-pm
key: topics
- name: CELERY_RABBITMQ_HOST
valueFrom:
secretKeyRef:
name: rabbit-secret-pm
key: host
- name: CELERY_RABBITMQ_PORT
valueFrom:
secretKeyRef:
name: rabbit-secret-pm
key: port
- name: CELERY_RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbit-secret-pm
key: user
- name: CELERY_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: rabbit-secret-pm
key: password
- name: CELERY_RABBITMQ_VHOST
valueFrom:
secretKeyRef:
name: rabbit-secret-pm
key: vhost
- name: AUTH_PUBLIC_TOKEN_URL
valueFrom:
secretKeyRef:
name: server-secret-pm
key: auth_public_token_url
- name: SERVER_HOST
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_host
- name: SERVER_API_HOST
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_api_host
- name: SERVER_DEBUG
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_debug
- name: SERVER_ALLOWED_HOSTS
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_allowed_hosts
- name: SERVER_USE_OTEL
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_use_otel
- name: SERVER_VERIFY_SSL
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_verify_ssl
- name: SERVER_LOG_LEVEL
valueFrom:
secretKeyRef:
name: server-secret-pm
key: server_log_level
resources:
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- name: ch-cert
readOnly: true
mountPath: /root/clickhouse
imagePullSecrets:
- name: regcred
Reference in New Issue View Git Blame Copy Permalink