iac/apps/attachments/base/helmrelease.yaml


---
# Flux HelmRelease that deploys the "attachments" service from the
# universal-chart (0.1.8, HelmRepository yc-oci-charts in flux-system).
# Credentials are not stored here: Vault Agent Injector annotations (see
# podAnnotations) render the PostgreSQL and MinIO/S3 secrets into files
# under /vault/secrets, and the container command sources them before
# starting the application.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: attachments
namespace: attachments
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.8"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
# Failed installs and upgrades are each retried up to three times.
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
attachments:
enabled: true
serviceAccount:
# Do not create an SA — use the existing one from base/serviceaccount.yaml.
# NOTE(review): presumably this SA is what the Vault Kubernetes auth role
# "attachments" is bound to — confirm against the Vault role definition.
name:
_default: attachments-vault
deployment:
enabled: true
name:
_default: attachments
replicaCount:
_default: 1
port:
_default: 8000
# The container starts through bash so the Vault-rendered files can be
# sourced. `set -a` exports every variable those files assign, so the
# credentials end up in the environment of entrypoint.sh and of anything
# it spawns.
# NOTE(review): `[ -f FILE ] && . FILE` skips a missing file without
# failing (a false test in an && list does not trip `-e`), so the
# application would start without credentials instead of erroring —
# confirm this fail-open behaviour is intended.
# NOTE(review): `.` parses the files as shell, and the templates below
# render secret values unquoted; a value containing whitespace or shell
# metacharacters would be interpreted by bash. Confirm the stored values
# are constrained, or render them shell-quoted.
command:
_default: ["/bin/bash", "-ec"]
args:
_default:
- |
set -a
[ -f /vault/secrets/attachments-db ] && . /vault/secrets/attachments-db
[ -f /vault/secrets/attachments-s3 ] && . /vault/secrets/attachments-s3
set +a
exec /opt/attachments/entrypoint.sh
image:
# NOTE(review): the image is referenced by tag, not by digest, and with
# pullPolicy IfNotPresent a node that already caches this tag keeps its
# copy. The tag looks like a feature-branch build — confirm it is the
# intended image for base and consider pinning by digest.
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/attachments:feature_6238c882
pullPolicy:
_default: IfNotPresent
service:
enabled: true
name:
_default: attachments-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
# Pulls use the registry credential secret "regcred"; it is not defined in
# this file — presumably it is created elsewhere in the namespace.
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
# Non-secret settings only; secrets arrive through the sourced Vault files.
envs:
- name: POSTGRES_POOL_SIZE
value:
_default: "10"
- name: API_ADDRESS
value:
_default: 0.0.0.0:8000
podAnnotations:
_default:
# Vault port 8200 is appended to the default tracing ports — otherwise
# the chart would overwrite them with a lone "8200" and SigNoz would stop
# receiving traffic.
# Ports listed here bypass the Istio sidecar, so mesh mTLS and mesh policy
# do not apply to them. NOTE(review): confirm Vault on 8200 is reached
# over its own TLS.
traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411,8200"
# The Vault agent runs as the first init container and only as an init
# container (pre-populate-only): secrets are rendered once at pod start
# and are not refreshed, so a rotated credential needs a pod restart.
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: attachments
# Rendered to /vault/secrets/attachments-db as KEY=value lines.
# NOTE(review): DATABASE_SSL_MODE=disable presumably turns off TLS on the
# PostgreSQL connection, so the password and data would cross the cluster
# network unencrypted unless the mesh encrypts that hop — confirm.
vault.hashicorp.com/agent-inject-secret-attachments-db: secrets/data/postgresql/apps/attachments
vault.hashicorp.com/agent-inject-template-attachments-db: |-
{{- with secret "secrets/data/postgresql/apps/attachments" -}}
DATABASE_HOST=postgresql.attachments.svc.cluster.local
DATABASE_PORT=5432
DATABASE_NAME=attachments_db
DATABASE_USER={{ index .Data.data "username" }}
DATABASE_PASSWORD={{ index .Data.data "password" }}
DATABASE_SSL_MODE=disable
{{- end -}}
# Rendered to /vault/secrets/attachments-s3 as KEY=value lines.
# NOTE(review): YANDEX_S3_USE_SSL=false and YANDEX_S3_VERIFY=false
# presumably disable TLS and certificate verification towards MinIO, so
# the access key and object data would travel in clear text — confirm
# this is acceptable for the in-cluster endpoint.
vault.hashicorp.com/agent-inject-secret-attachments-s3: secrets/data/minio/apps/attachments
vault.hashicorp.com/agent-inject-template-attachments-s3: |-
{{- with secret "secrets/data/minio/apps/attachments" -}}
YANDEX_S3_ENDPOINT_URL=minio.minio:9000
YANDEX_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
YANDEX_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
YANDEX_S3_USE_SSL=false
YANDEX_S3_REGION=ru-central
YANDEX_S3_VERIFY=false
BUCKET_NAME=attachments
{{- end -}}