sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e74574a1dd
iac/apps/rfi/base/backend-deployment.yaml
Kochetkov S e74574a1dd compariosns + vault
2026-04-22 14:54:06 +03:00

100 lines
3.9 KiB
YAML
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rfi-backend-api
namespace: rfi
labels:
app: rfi-backend-api
service: api
spec:
replicas: 1
selector:
matchLabels:
app: rfi-backend-api
template:
metadata:
labels:
app: rfi-backend-api
service: api
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: rfi
vault.hashicorp.com/agent-inject-secret-rfi-db: secrets/data/postgresql/apps/rfi
vault.hashicorp.com/agent-inject-template-rfi-db: |-
{{- with secret "secrets/data/postgresql/apps/rfi" -}}
DB_HOST=postgresql.rfi.svc.cluster.local
DB_PORT=5432
DB_NAME=rfi_db
DB_USER={{ index .Data.data "username" }}
DB_PASSWORD={{ index .Data.data "password" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-rfi-s3: secrets/data/minio/apps/rfi
vault.hashicorp.com/agent-inject-template-rfi-s3: |-
{{- with secret "secrets/data/minio/apps/rfi" -}}
YC_S3_ENDPOINT_URL={{ index .Data.data.client "endpoint" }}
YC_S3_BUCKET_NAME=rfi
YC_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
YC_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-rfi-rabbitmq: secrets/data/rabbitmq/apps/rfi
vault.hashicorp.com/agent-inject-template-rfi-rabbitmq: |-
{{- with secret "secrets/data/rabbitmq/apps/rfi" -}}
RABBITMQ_VHOST={{ index .Data.data "vhost" }}
RABBITMQ_USERNAME={{ index .Data.data "username" }}
RABBITMQ_PASSWORD={{ index .Data.data "password" }}
RABBITMQ_PORT=5672
RABBITMQ_HOST=rabbitmq.rabbitmq.svc.cluster.local
{{- end -}}
vault.hashicorp.com/agent-inject-secret-rfi-django-auth: secrets/data/vault/common/django_auth
vault.hashicorp.com/agent-inject-template-rfi-django-auth: |-
{{- with secret "secrets/data/vault/common/django_auth" -}}
DJANGO_SECRET_KEY={{ index .Data.data "key" }}
SAREX_BACKEND_AUTH={{ index .Data.data "key" }}
{{- end -}}
spec:
serviceAccountName: rfi-vault
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/rfi-backend:production_d1e2e80d
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-ec"]
args:
- |
set -a
[ -f /vault/secrets/rfi-db ] && . /vault/secrets/rfi-db
[ -f /vault/secrets/rfi-s3 ] && . /vault/secrets/rfi-s3
[ -f /vault/secrets/rfi-rabbitmq ] && . /vault/secrets/rfi-rabbitmq
[ -f /vault/secrets/rfi-django-auth ] && . /vault/secrets/rfi-django-auth
set +a
exec ./entrypoint.sh
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: JWT_AUTH_ENABLE
value: "True"
- name: NOTIFICATIONS_ENABLE
value: "false"
- name: NOTIFICATIONS_EMAIL_FROM
value: hello@sarex.io
- name: NOTIFICATIONS_SERVICE_URL
value: https://srx-wb.ru/rfi
- name: SAREX_BACKEND_URL
value: http://backend-svc.django.svc.cluster.local
- name: EAV_URL
value: http://eav-service.eav.svc.cluster.local:8000
- name: GATEWAY_URL
value: http://pdm-api.documentations.svc.cluster.local:8080
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred
Reference in New Issue View Git Blame Copy Permalink