sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
663b06a529
iac/apps/pm/base/celery-deployment.yaml

132 lines
4.8 KiB
YAML
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery
namespace: pm
labels:
app: celery
service: celery
spec:
replicas: 1
selector:
matchLabels:
app: celery
template:
metadata:
labels:
app: celery
service: celery
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: pm
vault.hashicorp.com/agent-inject-secret-pm-db: secrets/data/postgresql/apps/pm
vault.hashicorp.com/agent-inject-template-pm-db: |-
{{- with secret "secrets/data/postgresql/apps/pm" -}}
DB_USERNAME={{ index .Data.data "username" }}
DB_PASSWORD={{ index .Data.data "password" }}
DB_DATABASE=pm_db
DB_HOST=postgresql.pm.svc.cluster.local
DB_PORT=5432
{{- end -}}
vault.hashicorp.com/agent-inject-secret-pm-rabbitmq: secrets/data/rabbitmq/apps/pm
vault.hashicorp.com/agent-inject-template-pm-rabbitmq: |-
{{- with secret "secrets/data/rabbitmq/apps/pm" -}}
CELERY_RABBITMQ_HOST=rabbitmq.rabbitmq.svc.cluster.local
CELERY_RABBITMQ_PORT=5672
CELERY_RABBITMQ_USER={{ index .Data.data "username" }}
CELERY_RABBITMQ_PASSWORD={{ index .Data.data "password" }}
CELERY_RABBITMQ_VHOST={{ index .Data.data "vhost" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-pm-s3: secrets/data/minio/apps/pm
vault.hashicorp.com/agent-inject-template-pm-s3: |-
{{- with secret "secrets/data/minio/apps/pm" -}}
S3_HOST={{ index .Data.data.client "endpoint" }}
S3_LOGIN={{ index .Data.data "access_key" }}
S3_PASSWORD={{ index .Data.data "secret_key" }}
{{- $buckets := index .Data.data "buckets" }}
S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}pm-bucket{{- end -}}
S3_VERIFY=False
{{- end -}}
spec:
serviceAccountName: pm-vault
containers:
- name: celery
image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-ec"]
args:
- |
set -a
[ -f /vault/secrets/pm-db ] && . /vault/secrets/pm-db
[ -f /vault/secrets/pm-rabbitmq ] && . /vault/secrets/pm-rabbitmq
[ -f /vault/secrets/pm-s3 ] && . /vault/secrets/pm-s3
set +a
exec celery -A config worker -B -l info -E -Q pm -n default_worker.%h --concurrency=2
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: USERS_INTERNAL_HOST
value: http://backend-service.sarex.svc.cluster.local:8000
- name: CELERY_REDIS_HOST
value: redis.pm.svc.cluster.local
- name: RESOURCES_INTERNAL_HOST
value: http://sarex-resources-service.resources
- name: EAV_HOST
value: http://eav-service.eav
- name: EAV_API_PREFIX
value: /api/v0
- name: EAV_API_PREFIX_V1
value: /api/v1
- name: TRACING_INSECURE
value: "False"
- name: SERVER_ENABLE_SYNC_RESOURCES
value: "True"
- name: SERVER_DELETED_TASK_MAX_AGE_DAYS
value: "1"
- name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR
value: "17"
- name: LANG
value: C.UTF-8
- name: LC_ALL
value: C.UTF-8
- name: PYTHONUTF8
value: "1"
- name: CACHE_SSL
value: "False"
- name: CACHE_SSL_CA_CERTS
value: ""
- name: CACHE_ENABLE
value: "False"
- name: CLICKHOUSE_ENABLE
value: "False"
- name: KAFKA_ENABLE
value: "False"
- name: AUTH_PUBLIC_TOKEN_URL
value: "https://lk.sarex.io/api/token/public/"
- name: SERVER_HOST
value: "https://lk.sarex.io"
- name: SERVER_API_HOST
value: "https://api.sarex.io"
- name: SERVER_DEBUG
value: "False"
- name: SERVER_ALLOWED_HOSTS
value: '["*"]'
- name: SERVER_USE_OTEL
value: "False"
- name: SERVER_VERIFY_SSL
value: "False"
- name: SERVER_LOG_LEVEL
value: "INFO"
resources:
requests:
memory: 128Mi
imagePullSecrets:
- name: regcred
Reference in New Issue View Git Blame Copy Permalink