iac/apps/system-log/base/backend-deployment.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: system-log
  labels:
    app: api
    service: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
        service: api
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: system-log
        vault.hashicorp.com/agent-inject-secret-system-log-postgresql: secrets/data/postgresql/apps/system-log
        vault.hashicorp.com/agent-inject-template-system-log-postgresql: |-
          {{- with secret "secrets/data/postgresql/apps/system-log" -}}
          POSTGRES_ADDRESS=postgresql.system-log.svc.cluster.local
          POSTGRES_PORT=5432
          POSTGRES_DB=system_log_db
          POSTGRES_USER={{ index .Data.data "username" }}
          POSTGRES_PASSWORD={{ index .Data.data "password" }}
          {{- end -}}          
        vault.hashicorp.com/agent-inject-secret-system-log-kafka: secrets/data/kafka/apps/system-log
        vault.hashicorp.com/agent-inject-template-system-log-kafka: |-
          {{- with secret "secrets/data/kafka/apps/system-log" -}}
          KAFKA_USERNAME={{ index .Data.data "username" }}
          KAFKA_PASSWORD={{ index .Data.data "password" }}
          KAFKA_BROKERS={{ index .Data.data.auth "bootstrap_servers" }}
          {{- $topics := index .Data.data "topics" -}}
          KAFKA_TOPIC={{- if gt (len $topics) 0 -}}{{ index (index $topics 0) "name" }}{{- else -}}system-log.events{{- end -}}
          {{- end -}}          
    spec:
      serviceAccountName: system-log-vault
      containers:
        - name: api
          image: cr.yandex/crp3ccidau046kdj8g9q/system-log_prod:075fc0
          imagePullPolicy: IfNotPresent
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -a
              [ -f /vault/secrets/system-log-postgresql ] && . /vault/secrets/system-log-postgresql
              [ -f /vault/secrets/system-log-kafka ] && . /vault/secrets/system-log-kafka
              set +a
              exec /app              
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            - name: KAFKA_ENABLE
              value: "1"
            - name: KAFKA_USE_SSL
              value: "0"
            - name: KAFKA_ENABLE_LOGGING
              value: "0"
            - name: APP_NAME
              value: system_log
            - name: APP_VERSION
              value: 0.0.1
            - name: LOG_LEVEL
              value: INFO
            - name: HTTP_HOST
              value: 0.0.0.0
            - name: HTTP_PORT
              value: "8000"
            - name: NAMESPACE
              value: system-log
            - name: POSTGRES_POOL_SIZE
              value: "3"
            - name: ENABLE_SSL
              value: "0"
            - name: KAFKA_GROUP
              value: system-log-stage
            - name: KAFKA_CLIENT_ID
              value: system-log-stage
            - name: KAFKA_PEM_PATH
              value: "/tmp"
            - name: KAFKA_TOPIC
              value: "system-log.events"
            - name: DJANGO_HOST
              value: http://backend.django.svc.cluster.local:8000

          resources:
            requests:
              cpu: "1"
              memory: 1Gi
      imagePullSecrets:
        - name: regcred