sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sarex:master
Branches Tags
sarex:master
sarex:argocd-helm-master
sarex:helm
sarex:helm-master
..
compare: sarex:helm
Branches Tags
sarex:master
sarex:argocd-helm-master
sarex:helm
sarex:helm-master

No commits in common. "master" and "helm" have entirely different histories.
master ... helm

341 changed files with 628 additions and 70796 deletions
Show Stats Expand all files Collapse all files

11468
1.yaml
View File

File diff suppressed because it is too large Load Diff

344
README.md
View File

@ -1,349 +1,7 @@
# FluxCD v2 Monorepooo # FluxCD v2 Monorepo
Репозиторий Infrastructure as Code, управляемый [FluxCD v2](https://fluxcd.io/) с использованием Kustomize-оверлеев и Helm-релизов. Репозиторий Infrastructure as Code, управляемый [FluxCD v2](https://fluxcd.io/) с использованием Kustomize-оверлеев и Helm-релизов.
## Карта инфраструктуры и межсервисных маршрутов
Диаграмма ниже показывает инфраструктурные компоненты кластера, их зависимости и типовые маршруты вызовов между бизнес-сервисами.
```mermaid
flowchart LR
%% ===== Внешний контур =====
User([👤 Пользователь<br/>Web / Mobile]):::ext
Admin([🛡 Администратор<br/>kubectl / flux]):::ext
LE([🔐 Let's Encrypt<br/>ACME v2]):::ext
GitRepo([📦 Git Repository<br/>FluxCD source]):::ext
OCI([🐳 OCI Registry<br/>cr.yandex]):::ext
%% ===== GitOps =====
subgraph GITOPS["⚙️ GitOps Control Plane"]
direction TB
FluxSource[source-controller]:::flux
FluxKust[kustomize-controller]:::flux
FluxHelm[helm-controller]:::flux
FluxNotif[notification-controller]:::flux
FluxSource --> FluxKust
FluxSource --> FluxHelm
FluxKust --> FluxNotif
FluxHelm --> FluxNotif
end
%% ===== Edge / Service Mesh =====
subgraph EDGE["🌐 Edge & Service Mesh — istio-system"]
direction TB
Gateway["Istio Gateway<br/>:443 / :80<br/>LoadBalancer"]:::mesh
Pilot["istiod / Pilot<br/>xDS :15010/:15012"]:::mesh
Base[Istio Base<br/>CRDs + RBAC]:::mesh
Cert["cert-manager<br/>v1.x"]:::mesh
IssuerProd[ClusterIssuer<br/>letsencrypt-prod]:::mesh
IssuerIstio[ClusterIssuer<br/>letsencrypt-istio]:::mesh
Pilot -->|sidecar inject| Gateway
Base --> Pilot
Cert --> IssuerProd
Cert --> IssuerIstio
IssuerIstio -. TLS cert .-> Gateway
end
%% ===== Платформа =====
subgraph PLATFORM["🛠 Платформа"]
direction TB
Dashboard["K8s Dashboard<br/>UI :8443"]:::platform
LPP["local-path-provisioner<br/>StorageClass: local-path"]:::platform
Vault["HashiCorp Vault<br/>:8200 KV/Transit"]:::platform
S3Proxy["S3 Proxy<br/>S3 API gateway"]:::platform
end
%% ===== Identity =====
subgraph IDENTITY["🪪 Identity & SSO"]
direction TB
Zitadel["Zitadel<br/>OIDC :8080"]:::identity
Keycloak["Keycloak<br/>OIDC/SAML :8080"]:::identity
OpenLDAP["OpenLDAP<br/>:389 / :636"]:::identity
Keycloak -- "LDAP federation" --> OpenLDAP
end
%% ===== Данные =====
subgraph DATA["🗄 Хранилища данных"]
direction TB
PG[("PostgreSQL<br/>:5432<br/>HA primary/replica")]:::data
Redis[("Redis<br/>:6379<br/>cache + pub/sub")]:::data
MinIO[("MinIO<br/>S3 :9000<br/>console :9001")]:::data
end
%% ===== Messaging =====
subgraph MSG["📨 Messaging"]
direction TB
Kafka[["Kafka<br/>:9092 / :9093 SASL<br/>3 brokers"]]:::msg
ZK[["ZooKeeper / KRaft<br/>:2181"]]:::msg
RMQ[["RabbitMQ<br/>:5672 / mgmt :15672"]]:::msg
Kafka --- ZK
end
%% ===== BPM =====
subgraph BPM["🔧 BPM"]
direction TB
Camunda["Camunda Platform<br/>REST :8080 / Tasklist"]:::app
Operate["Camunda Operate<br/>UI :8081"]:::app
end
%% ===== Бизнес-сервисы (каждый в своём namespace) =====
subgraph APPS["💼 Бизнес-сервисы — namespaces"]
direction LR
CI["ns: control-interface"]:::app
Django["ns: django"]:::app
EAV["ns: eav"]:::app
Workspaces["ns: workspaces"]:::app
Projects["ns: projects"]:::app
PM["ns: pm"]:::app
Contracts["ns: contracts"]:::app
Resources["ns: resources"]:::app
Subs["ns: subscriptions"]:::app
SysLog["ns: system-log"]:::app
MsgHub["ns: message-hub"]:::app
FaaS["ns: faas"]:::app
Flows["ns: flows"]:::app
Docs["ns: documentations"]:::app
DocLink["ns: document-link"]:::app
Attach["ns: attachments"]:::app
Transmittal["ns: transmittal"]:::app
CDE["ns: cde"]:::app
Drawings["ns: drawings"]:::app
BIM["ns: bim"]:::app
Stamp["ns: stamp-verification"]:::app
Inspect["ns: inspections"]:::app
Checklists["ns: checklists"]:::app
Remarks["ns: remarks"]:::app
Issues["ns: issues"]:::app
RFI["ns: rfi"]:::app
Reviews["ns: reviews"]:::app
Prescr["ns: prescriptions"]:::app
Compare["ns: comparisons"]:::app
Measure["ns: measurements"]:::app
Mapper["ns: mapper"]:::app
XSection["ns: cross-section"]:::app
Process["ns: processing"]:::app
Notes["ns: notes"]:::app
end
%% ===== GitOps потоки =====
Admin ==>|git push| GitRepo
GitRepo ==>|pull/poll| FluxSource
OCI ==>|OCI charts| FluxSource
FluxKust ==>|apply manifests| EDGE
FluxKust ==>|apply manifests| PLATFORM
FluxKust ==>|apply manifests| IDENTITY
FluxHelm ==>|HelmRelease| DATA
FluxHelm ==>|HelmRelease| MSG
FluxHelm ==>|HelmRelease| BPM
FluxHelm ==>|HelmRelease| APPS
%% ===== Внешний трафик =====
User ==>|HTTPS 443| Gateway
LE -. ACME HTTP-01 .-> Cert
Gateway ==>|VirtualService<br/>mTLS| CI
Gateway ==>|/api| Django
Gateway ==>|/bim| BIM
Gateway ==>|/cde| CDE
Gateway ==>|/docs| Docs
Gateway ==>|/pm| PM
Gateway ==>|VirtualService| Camunda
Gateway ==>|VirtualService| Operate
Gateway ==>|/auth| Keycloak
Gateway ==>|/oauth| Zitadel
Gateway ==>|/dashboard| Dashboard
Gateway ==>|/minio| MinIO
Admin -.->|kubectl| Dashboard
%% ===== Frontend → backend (через control-interface) =====
CI -- "API gateway" --> Django
CI -- "API gateway" --> PM
CI -- "API gateway" --> Projects
CI -- "API gateway" --> Workspaces
%% ===== Подключения к данным =====
Django -- "JDBC/ORM" --> PG
EAV -- "JDBC" --> PG
PM -- "JDBC" --> PG
Contracts -- "JDBC" --> PG
Resources -- "JDBC" --> PG
Projects -- "JDBC" --> PG
Workspaces -- "JDBC" --> PG
Subs -- "JDBC" --> PG
SysLog -- "JDBC" --> PG
Docs -- "JDBC" --> PG
DocLink -- "JDBC" --> PG
CDE -- "JDBC" --> PG
BIM -- "JDBC" --> PG
Drawings -- "JDBC" --> PG
Inspect -- "JDBC" --> PG
Checklists -- "JDBC" --> PG
Issues -- "JDBC" --> PG
Remarks -- "JDBC" --> PG
RFI -- "JDBC" --> PG
Reviews -- "JDBC" --> PG
Prescr -- "JDBC" --> PG
Compare -- "JDBC" --> PG
Measure -- "JDBC" --> PG
Mapper -- "JDBC" --> PG
XSection -- "JDBC" --> PG
Notes -- "JDBC" --> PG
Stamp -- "JDBC" --> PG
Transmittal -- "JDBC" --> PG
Camunda -- "JDBC" --> PG
Operate -- "JDBC" --> PG
Zitadel -- "JDBC" --> PG
Keycloak -- "JDBC" --> PG
%% ===== Redis (общий кэш / sessions) =====
Django -- "session/cache" --> Redis
CI -- "session" --> Redis
PM -- "cache" --> Redis
Workspaces -- "cache" --> Redis
Subs -- "pub/sub realtime" --> Redis
MsgHub -- "pub/sub" --> Redis
Flows -- "state" --> Redis
FaaS -- "queue" --> Redis
Camunda -- "cache" --> Redis
Keycloak -- "session" --> Redis
%% ===== S3 / объектное хранилище =====
Attach -- "PUT/GET" --> S3Proxy
Docs -- "filestream" --> S3Proxy
BIM -- "IFC/RVT" --> S3Proxy
Drawings -- "DWG/PDF" --> S3Proxy
CDE -- "files" --> S3Proxy
Compare -- "rendered diff" --> S3Proxy
Stamp -- "signed PDF" --> S3Proxy
Transmittal -- "bundles" --> S3Proxy
Process -- "raw + результаты" --> S3Proxy
Mapper -- "tiles" --> S3Proxy
Measure -- "snapshots" --> S3Proxy
XSection -- "профили" --> S3Proxy
S3Proxy -- "S3 API" --> MinIO
%% ===== Vault (secrets) =====
Django -. "kv" .-> Vault
Camunda -. "approle" .-> Vault
Keycloak -. "kv" .-> Vault
Zitadel -. "kv" .-> Vault
FaaS -. "approle" .-> Vault
Flows -. "approle" .-> Vault
%% ===== Storage / PVC =====
PG -.->|PVC| LPP
Redis -.->|PVC| LPP
Kafka -.->|PVC| LPP
ZK -.->|PVC| LPP
RMQ -.->|PVC| LPP
MinIO -.->|PVC| LPP
Vault -.->|PVC| LPP
%% ===== Kafka (event bus) =====
SysLog -- "consume audit.*" --> Kafka
MsgHub -- "produce notify.*" --> Kafka
Subs -- "consume notify.*" --> Kafka
Flows -- "produce/consume flows.*" --> Kafka
Camunda -- "produce bpm.events" --> Kafka
Operate -- "consume zeebe-records" --> Kafka
BIM -- "produce bim.processed" --> Kafka
Drawings -- "produce drawings.uploaded" --> Kafka
Process -- "consume processing.jobs" --> Kafka
Compare -- "consume drawings.uploaded" --> Kafka
Inspect -- "produce inspect.events" --> Kafka
Issues -- "consume inspect.events" --> Kafka
Remarks -- "produce remarks.events" --> Kafka
Reviews -- "consume remarks.events" --> Kafka
%% ===== RabbitMQ (work queues) =====
FaaS -- "consume tasks.*" --> RMQ
Flows -- "publish tasks.*" --> RMQ
Process -- "publish jobs" --> RMQ
Mapper -- "consume tile.jobs" --> RMQ
XSection -- "consume xs.jobs" --> RMQ
Stamp -- "consume sign.jobs" --> RMQ
Camunda -- "consume bpm.tasks" --> RMQ
%% ===== Межсервисные REST маршруты =====
PM -- "REST" --> Projects
PM -- "REST" --> Contracts
PM -- "REST" --> Resources
Projects -- "REST" --> Workspaces
Contracts -- "REST" --> Resources
Inspect -- "REST" --> Checklists
Inspect -- "REST" --> Issues
Issues -- "REST" --> Remarks
Reviews -- "REST" --> RFI
Reviews -- "REST" --> Prescr
RFI -- "REST" --> DocLink
DocLink --> Docs
DocLink --> CDE
CDE -- "REST" --> Docs
CDE -- "REST" --> Drawings
CDE -- "REST" --> BIM
Transmittal -- "REST" --> CDE
Transmittal -- "REST" --> Docs
Drawings -- "REST" --> Compare
Drawings -- "REST" --> Stamp
Measure -- "REST" --> Mapper
Mapper -- "REST" --> XSection
XSection --> Process
BIM -- "REST" --> Process
Notes -- "REST" --> DocLink
Flows -- "trigger" --> FaaS
Flows -- "start" --> Camunda
Camunda -- "callback" --> Flows
EAV -- "schemas" --> Django
MsgHub -- "deliver email/push" --> Subs
%% ===== AuthN / AuthZ =====
Django -. "OIDC validate" .-> Keycloak
CI -. "OIDC login" .-> Keycloak
PM -. "JWT" .-> Keycloak
Camunda -. "JWT" .-> Zitadel
Operate -. "OIDC" .-> Zitadel
Dashboard -. "OIDC" .-> Keycloak
BIM -. "JWT" .-> Keycloak
CDE -. "JWT" .-> Keycloak
Docs -. "JWT" .-> Keycloak
%% ===== Service mesh sidecar metrics =====
CI -. "envoy" .-> Pilot
Django -. "envoy" .-> Pilot
Camunda -. "envoy" .-> Pilot
BIM -. "envoy" .-> Pilot
Flows -. "envoy" .-> Pilot
%% ===== Стили =====
classDef ext fill:#1f2937,stroke:#9ca3af,stroke-width:2px,color:#f9fafb
classDef flux fill:#6366f1,stroke:#3730a3,stroke-width:2px,color:#fff
classDef mesh fill:#7c3aed,stroke:#4c1d95,stroke-width:2px,color:#fff
classDef platform fill:#0ea5e9,stroke:#075985,stroke-width:2px,color:#fff
classDef identity fill:#f59e0b,stroke:#92400e,stroke-width:2px,color:#fff
classDef data fill:#10b981,stroke:#065f46,stroke-width:2px,color:#fff
classDef msg fill:#ef4444,stroke:#991b1b,stroke-width:2px,color:#fff
classDef app fill:#ec4899,stroke:#9d174d,stroke-width:2px,color:#fff
style GITOPS fill:#e0e7ff,stroke:#6366f1,stroke-width:2px
style EDGE fill:#ede9fe,stroke:#7c3aed,stroke-width:2px
style PLATFORM fill:#e0f2fe,stroke:#0ea5e9,stroke-width:2px
style IDENTITY fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
style DATA fill:#d1fae5,stroke:#10b981,stroke-width:2px
style MSG fill:#fee2e2,stroke:#ef4444,stroke-width:2px
style BPM fill:#fce7f3,stroke:#ec4899,stroke-width:2px
style APPS fill:#fce7f3,stroke:#ec4899,stroke-width:2px
```
📂 **Подробные диаграммы по каждому бизнес-сервису:** [`docs/apps/`](./docs/apps/README.md)
**Легенда:**
- 🟪 **Edge / Mesh** — терминация TLS, маршрутизация и mTLS между сервисами (Istio + cert-manager)
- 🟦 **Платформа** — служебные компоненты (storage, secrets, S3 proxy, dashboard)
- 🟧 **Identity** — единый вход и федерация пользователей (Zitadel, Keycloak, OpenLDAP)
- 🟩 **Данные** — постоянные хранилища (PostgreSQL, Redis, MinIO)
- 🟥 **Messaging** — асинхронный обмен (Kafka, RabbitMQ)
- 🟪 **Бизнес-сервисы** — прикладная логика (Camunda, бизнес-приложения)
## Структура репозитория ## Структура репозитория
``` ```

7
apps/attachments/base/helmrelease.yaml
View File

@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: universal-chart chart: universal-chart
version: "0.1.9" version: "0.1.8"
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: yc-oci-charts name: yc-oci-charts
@ -28,8 +28,7 @@ spec:
attachments: attachments:
enabled: true enabled: true
serviceAccount: serviceAccount:
enabled: # Не создаём SA — используем существующий из base/serviceaccount.yaml.
_default: true
name: name:
_default: attachments-vault _default: attachments-vault
deployment: deployment:
@ -81,6 +80,8 @@ spec:
_default: 0.0.0.0:8000 _default: 0.0.0.0:8000
podAnnotations: podAnnotations:
_default: _default:
# Порт Vault 8200 добавлен к дефолтным портам трейсинга — иначе
# чарт перезатрёт их одиночным "8200" и SigNoz перестанет ходить.
traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411,8200" traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411,8200"
vault.hashicorp.com/agent-init-first: "true" vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-inject: "true"

2
apps/attachments/base/kustomization.yaml
View File

@ -3,4 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: attachments namespace: attachments
resources: resources:
- namespace.yaml
- serviceaccount.yaml
- helmrelease.yaml - helmrelease.yaml

2
apps/transmittal/base/namespace.yaml → apps/attachments/base/namespace.yaml
View File

@ -2,6 +2,6 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: transmittal name: attachments
labels: labels:
istio-injection: enabled istio-injection: enabled

5
apps/attachments/base/serviceaccount.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: attachments-vault
namespace: attachments

10
apps/attachments/yc-k8s-test/kustomization.yaml
View File

@ -4,8 +4,8 @@ kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml - postgresql.yaml
patches: [] patches:
# - path: replicas.yaml - path: replicas.yaml
# target: target:
# kind: HelmRelease kind: HelmRelease
# name: attachments name: attachments

4
apps/attachments/yc-k8s-test/postgresql.yaml
View File

@ -89,10 +89,6 @@ spec:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 6 failureThreshold: 6
resources:
requests:
cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

2
apps/attachments/yc-k8s-test/replicas.yaml
View File

@ -10,4 +10,4 @@ spec:
attachments: attachments:
deployment: deployment:
replicaCount: replicaCount:
_default: 2 _default: 1

6
apps/bim/base/backend-deployment.yaml
View File

@ -50,7 +50,7 @@ spec:
serviceAccountName: bim-vault serviceAccountName: bim-vault
containers: containers:
- name: backend - name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/bim-api:contour_3d704fef image: cr.yandex/crp3ccidau046kdj8g9q/bim-backend-v2:donstroi1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-ec"] command: ["/bin/sh", "-ec"]
args: args:
@ -58,7 +58,7 @@ spec:
set -a set -a
[ -f /vault/secrets/bim-postgresql ] && . /vault/secrets/bim-postgresql [ -f /vault/secrets/bim-postgresql ] && . /vault/secrets/bim-postgresql
set +a set +a
exec ./httpserver exec ./entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -88,7 +88,7 @@ spec:
value: "0" value: "0"
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
livenessProbe: livenessProbe:
httpGet: httpGet:

4
apps/bim/base/backend-service.yaml
View File

@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: backend-svc name: backend-service
namespace: bim namespace: bim
spec: spec:
type: ClusterIP type: ClusterIP
@ -10,6 +10,6 @@ spec:
app: backend app: backend
ports: ports:
- name: http - name: http
port: 80 port: 8000
targetPort: 8000 targetPort: 8000
protocol: TCP protocol: TCP

229
apps/bim/brusnika-stage/backend.yaml
View File

@ -1,229 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: backend
namespace: bim
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/issues:production_f1b6c05c
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: backend-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: LAST_MASTER_BIM
value:
_default: "100000"
- name: LAST_SLAVE_1_BIM
value:
_default: "100000"
- name: LAST_MASTER_BIM_V3
value:
_default: "100000"
- name: LAST_SLAVE_1_BIM_V3
value:
_default: "100000"
- name: DB_CERT_PATH_3
value:
_default: "/root/yandex_pg.pem"
- name: DB_CERT_PATH_4
value:
_default: "/root/yandex_pg.pem"
- name: POSTGRES_ADDRESS_3
value:
_default: "postgres-service"
- name: POSTGRES_ADDRESS_4
value:
_default: "postgres-service"
- name: POSTGRES_PORT_3
value:
_default: "5432"
- name: POSTGRES_PORT_4
value:
_default: "5432"
- name: POSTGRES_DB_3
value:
_default: "bimapidb"
- name: POSTGRES_DB_4
value:
_default: "bimapidb"
- name: DB_CERT_PATH_2
value:
_default: "/root/yandex_pg.pem"
- name: POSTGRES_ADDRESS_2
value:
_default: "postgres-service"
- name: POSTGRES_PORT_2
value:
_default: "5432"
- name: POSTGRES_DB_2
value:
_default: "bimapidb"
- name: POSTGRES_ADDRESS
value:
_default: "postgres-service"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: POSTGRES_DB
value:
_default: "bimapidb"
- name: POSTGRES_POOL_SIZE
value:
_default: "30"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8000"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: ENABLE_SQL_QUERY
value:
_default: "0"
- name: ENABLE_SSL
value:
_default: "0"
secretEnvs:
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: POSTGRES_USER_4
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD_4
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: POSTGRES_USER_2
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD_2
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: POSTGRES_USER_3
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD_3
secretName:
_default: "postgres-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/bim/brusnika-stage/kustomization.yaml
View File

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: bim
resources:
- backend.yaml

3
apps/bim/yc-k8s-test/postgresql.yaml
View File

@ -92,8 +92,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

4
apps/cde/base/cde-flowscallback.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde-splitpdf.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde-worker-copy.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde-worker-create-versions.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde-worker-markings.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde-worker-sign.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde-worker-update-bundles.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/cde/base/cde.yaml
View File

@ -54,7 +54,7 @@ spec:
value: "true" value: "true"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

66
apps/checklists/base/backend-deployment.yaml
View File

@ -17,41 +17,11 @@ spec:
labels: labels:
app: checklists-backend app: checklists-backend
service: checklists-backend service: checklists-backend
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: checklists
vault.hashicorp.com/agent-inject-secret-checklists-db: secrets/data/postgresql/apps/checklists
vault.hashicorp.com/agent-inject-template-checklists-db: |-
{{- with secret "secrets/data/postgresql/apps/checklists" -}}
DATABASE_HOST=postgresql.checklists.svc.cluster.local
DATABASE_PORT=5432
DATABASE_NAME=checklists_db
DATABASE_USER={{ index .Data.data "username" }}
DATABASE_PASSWORD={{ index .Data.data "password" }}
{{- end -}}
vault.hashicorp.com/agent-inject-secret-checklists-jwt-public: secrets/data/vault/common/rsa_keys
vault.hashicorp.com/agent-inject-template-checklists-jwt-public: |-
{{- with secret "secrets/data/vault/common/rsa_keys" -}}
{{ index .Data.data "public_key" }}
{{- end -}}
spec: spec:
serviceAccountName: checklists-vault
containers: containers:
- name: api - name: api
image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-ec"]
args:
- |
set -a
[ -f /vault/secrets/checklists-db ] && . /vault/secrets/checklists-db
[ -f /vault/secrets/checklists-jwt-public ] && export JWT_AUTH_PUBLIC_KEY="$(cat /vault/secrets/checklists-jwt-public)"
set +a
exec ./entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -64,17 +34,47 @@ spec:
- name: HTTP_APP_ROOT_PATH - name: HTTP_APP_ROOT_PATH
value: /checklists value: /checklists
- name: HTTP_APP_WORKERS - name: HTTP_APP_WORKERS
value: "1" value: "8"
- name: HTTP_APP_ADMIN_ENABLE - name: HTTP_APP_ADMIN_ENABLE
value: "true" value: "true"
- name: JWT_AUTH_ENABLE - name: JWT_AUTH_ENABLE
value: "true" value: "true"
- name: DEBUG - name: DEBUG
value: "false" value: "false"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: JWT_AUTH_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: public-key
name: jwt-secret
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/checklists/base/backend-service.yaml
View File

@ -3,11 +3,11 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: rfi-backend-api-svc name: rfi-backend-api-svc
namespace: checklists namespace: rfi
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app: checklists-backend app: rfi-backend-api
ports: ports:
- name: http - name: http
port: 80 port: 80

1
apps/checklists/base/kustomization.yaml
View File

@ -4,6 +4,5 @@ kind: Kustomization
namespace: checklists namespace: checklists
resources: resources:
- namespace.yaml - namespace.yaml
- serviceaccount.yaml
- backend-deployment.yaml - backend-deployment.yaml
- backend-service.yaml - backend-service.yaml

5
apps/checklists/base/serviceaccount.yaml
View File

@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: checklists-vault
namespace: checklists

27
apps/checklists/yc-k8s-test/postgresql.yaml
View File

@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: postgresql-contour chart: postgresql-contour
version: "17.0.7" version: "17.0.2"
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: yc-oci-charts name: yc-oci-charts
@ -44,7 +44,7 @@ spec:
image: image:
registry: cr.yandex/crp3ccidau046kdj8g9q registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql repository: contour/postgresql
tag: 17.0.7 tag: 17.0.2
pullPolicy: Always pullPolicy: Always
metrics: metrics:
enabled: false enabled: false
@ -61,7 +61,7 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 5 timeoutSeconds: 5
@ -72,7 +72,7 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 5 timeoutSeconds: 5
@ -83,16 +83,12 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 6 failureThreshold: 6
resources:
requests:
cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:
@ -102,19 +98,12 @@ spec:
effect: NoSchedule effect: NoSchedule
contour: contour:
enabled: true enabled: true
adminUser: "postgres" adminUser: ""
sharedPreloadLibraries: "pg_stat_statements,uuid-ossp" adminPasswordSecretKey: ""
vault: sharedPreloadLibraries: "pg_stat_statements"
enabled: true
role: postgresql
authPath: auth/kubernetes
secretPath: secrets/data/postgresql/admin
secretKey: postgres-password
usersSecretPath: secrets/data/postgresql/users
databases: databases:
- name: checklists_db - name: checklists_db
user: checklists user: checklists
passwordKey: checklists
extensions: [] extensions: []
restoreFromDump: false restoreFromDump: false
s3-proxy: s3-proxy:

2
apps/comparisons/base/backend-deployment.yaml
View File

@ -111,7 +111,7 @@ spec:
value: /etc/app/tasks-execution-config.json value: /etc/app/tasks-execution-config.json
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:
- name: tasks-execution-config - name: tasks-execution-config

2
apps/comparisons/base/frontend-deployment.yaml
View File

@ -33,7 +33,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:
- name: nginx-configmap - name: nginx-configmap

3
apps/comparisons/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

3
apps/contracts/yc-k8s-test/postgresql.yaml
View File

@ -58,8 +58,7 @@ spec:
size: 20Gi size: 20Gi
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
customLivenessProbe: customLivenessProbe:
exec: exec:
command: command:

4
apps/control-interface/base/service.yaml
View File

@ -2,13 +2,13 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: frontend-svc name: srx-admin-svc
namespace: control-interface namespace: control-interface
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app: srx-admin app: srx-admin
ports: ports:
- port: 80 - port: 8080
targetPort: 80 targetPort: 80
protocol: TCP protocol: TCP

92
apps/control-interface/brusnika-stage/helmrelease.yaml
View File

@ -1,92 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: srx-admin
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/srx-admin:prod_feb59026
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: srx-admin
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: srx-admin-svc
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/control-interface/brusnika-stage/kustomization.yaml
View File

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: django
resources:
- helmrelease.yaml

2
apps/cross-section/base/deployment.yaml
View File

@ -40,7 +40,7 @@ spec:
failureThreshold: 20 failureThreshold: 20
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

18
apps/django/base/backend-deployment.yaml
View File

@ -50,7 +50,7 @@ spec:
{{- with secret "secrets/data/minio/apps/django" -}} {{- with secret "secrets/data/minio/apps/django" -}}
AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech
S3_HOST=https://minio.contour.infra.sarex.tech S3_HOST=https://minio.contour.infra.sarex.tech
{{- $buckets := index .Data.data "buckets" }} {{- $buckets := index .Data.data "buckets" -}}
S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}} S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}}
S3_LOGIN={{ index .Data.data "access_key" }} S3_LOGIN={{ index .Data.data "access_key" }}
S3_PASSWORD={{ index .Data.data "secret_key" }} S3_PASSWORD={{ index .Data.data "secret_key" }}
@ -127,11 +127,11 @@ spec:
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: CELERY_REDIS_HOST - name: CELERY_REDIS_HOST
value: redis value: redis-service
- name: CELERY_REDIS_PORT - name: CELERY_REDIS_PORT
value: "6379" value: "6379"
- name: DJANGO_REDIS_HOST - name: DJANGO_REDIS_HOST
value: redis value: redis-service
- name: DJANGO_REDIS_PORT - name: DJANGO_REDIS_PORT
value: "6379" value: "6379"
- name: BIMV2_INTERNAL_HOST - name: BIMV2_INTERNAL_HOST
@ -149,13 +149,13 @@ spec:
- name: MEASUREMENTS_USE_MEASUREMENTS - name: MEASUREMENTS_USE_MEASUREMENTS
value: "1" value: "1"
- name: SERVER_API_HOST - name: SERVER_API_HOST
value: https://sarex.contour.infra.sarex.tech value: https://wb.sarex.io
- name: SERVER_HOST - name: SERVER_HOST
value: https://sarex.contour.infra.sarex.tech value: https://wb.sarex.io
- name: WORKFLOWS_HOST - name: WORKFLOWS_HOST
value: https://sarex.contour.infra.sarex.tech value: https://wb.sarex.io
- name: WORKFLOWS_BASE_HOST - name: WORKFLOWS_BASE_HOST
value: https://sarex.contour.infra.sarex.tech value: https://wb.sarex.io
- name: WORKFLOWS_USE - name: WORKFLOWS_USE
value: "1" value: "1"
- name: SERVER_S3_STREAM_IMPORT - name: SERVER_S3_STREAM_IMPORT
@ -203,8 +203,8 @@ spec:
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
volumeMounts: volumeMounts:
- name: django-configmap - name: django-configmap
mountPath: /opt/sarex/config/settings/production.py mountPath: /opt/sarex/config/settings/production.py

10
apps/django/base/celery-deployment.yaml
View File

@ -50,7 +50,7 @@ spec:
{{- with secret "secrets/data/minio/apps/django" -}} {{- with secret "secrets/data/minio/apps/django" -}}
AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech AWS_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech
S3_HOST=https://minio.contour.infra.sarex.tech S3_HOST=https://minio.contour.infra.sarex.tech
{{- $buckets := index .Data.data "buckets" }} {{- $buckets := index .Data.data "buckets" -}}
S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}} S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}django{{- end -}}
S3_LOGIN={{ index .Data.data "access_key" }} S3_LOGIN={{ index .Data.data "access_key" }}
S3_PASSWORD={{ index .Data.data "secret_key" }} S3_PASSWORD={{ index .Data.data "secret_key" }}
@ -121,11 +121,11 @@ spec:
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: CELERY_REDIS_HOST - name: CELERY_REDIS_HOST
value: redis value: redis-service
- name: CELERY_REDIS_PORT - name: CELERY_REDIS_PORT
value: "6379" value: "6379"
- name: DJANGO_REDIS_HOST - name: DJANGO_REDIS_HOST
value: redis value: redis-service
- name: DJANGO_REDIS_PORT - name: DJANGO_REDIS_PORT
value: "6379" value: "6379"
- name: BIMV2_INTERNAL_HOST - name: BIMV2_INTERNAL_HOST
@ -194,8 +194,8 @@ spec:
value: "False" value: "False"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
volumeMounts: volumeMounts:
- name: django-configmap - name: django-configmap
mountPath: /opt/sarex/config/settings/production.py mountPath: /opt/sarex/config/settings/production.py

6
apps/django/base/django-configmap.yaml
View File

@ -55,7 +55,7 @@ data:
FILE_UPLOAD_PERMISSIONS = 0o644 FILE_UPLOAD_PERMISSIONS = 0o644
DEBUG = False DEBUG = False
CSRF_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = ["https://sarex.contour.infra.sarex.tech", "http://sarex.contour.infra.sarex.tech"] CSRF_TRUSTED_ORIGINS = ["https://lk.srx.wb.ru:30443", "https://lk.srx.wb.ru"]
SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = False SECURE_SSL_REDIRECT = False
@ -87,7 +87,7 @@ data:
'Bearer', 'Bearer',
) )
HOST = "https://sarex.contour.infra.sarex.tech" HOST = "https://wb.sarex.io"
POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE') POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE')
POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER') POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER')
@ -310,7 +310,7 @@ data:
DEBUG=True DEBUG=True
WEB_APP_AUTH_MODE='jwt-session-based' #WEB_APP_AUTH_MODE='jwt-session-based'
SAREX_MODULES_SETTINGS = { SAREX_MODULES_SETTINGS = {

2
apps/django/base/frontend-deployment.yaml
View File

@ -34,7 +34,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:
- name: nginx-configmap - name: nginx-configmap

17
apps/django/base/nginx-configmap.yaml
View File

@ -80,19 +80,10 @@ data:
# } # }
location ~^/workspaces-v2/(.+).js { location ~^/workspaces-v2/(.+).js {
proxy_http_version 1.1;
proxy_set_header Connection "";
rewrite /workspaces-v2/(.+) /$1 break; rewrite /workspaces-v2/(.+) /$1 break;
proxy_pass http://frontend-svc.workspaces.svc.cluster.local:80; proxy_pass http://frontend-svc.workspaces.svc.cluster.local:80;
} }
location ~^/workspaces-v2/(.+)\.wasm$ {
proxy_http_version 1.1;
proxy_set_header Connection "";
rewrite ^/workspaces-v2/(.+) /$1 break;
proxy_pass http://frontend-svc.workspaces.svc.cluster.local:80;
}
location @index { location @index {
add_header Cache-Control 'no-cache, must-revalidate, proxy-revalidate, max-age=0'; add_header Cache-Control 'no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off; if_modified_since off;
@ -100,10 +91,10 @@ data:
try_files /static/index.html =404; try_files /static/index.html =404;
} }
# location ~^/workflows/(.+).js { location ~^/workflows/(.+).js {
# rewrite /workflows/(.+) /$1 break; rewrite /workflows/(.+) /$1 break;
# proxy_pass http://frontend-svc.processing.svc.cluster.local:80; proxy_pass http://frontend-svc.processing.svc.cluster.local:80;
# } }
location /service-worker.js { location /service-worker.js {
try_files /static/$uri @index; try_files /static/$uri @index;
} }

2
apps/django/base/srx-admin-deployment.yaml
View File

@ -26,7 +26,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

406
apps/django/brusnika-stage/celery.yaml
View File

@ -1,406 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: celery
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/backend:production_8f05291e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: celery
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
command:
_default:
- celery
- -A
- config
- worker
- -B
- -l
- info
- -E
- -Q
- default
- -n
- default_worker.%h
- --concurrency=2
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: celery
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: uwsgi-configmap
mountPath:
_default: /opt/sarex/uwsgi.ini
subPath:
_default: uwsgi.ini
readOnly:
_default: true
configMap:
name:
_default: uwsgi-configmap
items:
- key: uwsgi.ini
path:
_default: uwsgi.ini
- name: django-configmap
mountPath:
_default: /opt/sarex/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: django-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: SERVER_SUPERSET_HOST
value:
_default: "https://superset.test.sarex.brusnika.tech"
- name: GK_ENCRYPTION_KEY
value:
_default: "zfDjuszywHSbAhY8KJQbESbpUYN74XTs"
- name: ALLOWED_HOSTS
value:
_default: "*"
- name: SERVER_USE_CHANGELOG
value:
_default: "0"
- name: SERVER_ZITADEL_ENABLED
value:
_default: "False"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: CELERY_REDIS_HOST
value:
_default: "redis-service"
- name: CELERY_REDIS_PORT
value:
_default: "6379"
- name: DJANGO_REDIS_HOST
value:
_default: "redis-service"
- name: DJANGO_REDIS_PORT
value:
_default: "6379"
- name: BIMV2_INTERNAL_HOST
value:
_default: "http://bim-backend-v2-service.bim-api"
- name: BIMV2_TIMEOUT
value:
_default: "60"
- name: JWT_KID
value:
_default: "1"
- name: PDM_SYNC
value:
_default: "1"
- name: KC_SYNC_ENABLE
value:
_default: "0"
- name: MEASUREMENTS_HOST
value:
_default: "http://measurements-service.measurements.svc.cluster.local:8000/api"
- name: MEASUREMENTS_USE_MEASUREMENTS
value:
_default: "1"
- name: SERVER_API_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: SERVER_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_BASE_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_USE
value:
_default: "1"
- name: SERVER_S3_STREAM_IMPORT
value:
_default: "1"
- name: SERVER_SAVE_DIFF_DEM
value:
_default: "1"
- name: SERVER_USE_CLICKHOUSE
value:
_default: "0"
- name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK
value:
_default: "0"
- name: SERVER_USE_DJANGO_STORAGE
value:
_default: "1"
- name: SERVER_USE_METASHAPE
value:
_default: "0"
- name: SERVER_CHANGELOG_MODE_SYSTEM_LOG
value:
_default: "1"
- name: SERVER_CHANGELOG_MODE
value:
_default: "0"
- name: SERVER_DJANGO_URLS
value:
_default: "1"
- name: CHECK_IMPORT_HASH
value:
_default: "1"
- name: EAV_ENABLE
value:
_default: "1"
- name: SERVER_CHECK_IMPORT_HASH
value:
_default: "1"
- name: SERVER_CHUNKED_PATH
value:
_default: "/tmp/chunked_uploads/%Y/%m/%d"
- name: SERVER_HIDE_USER_SCROLL_PERMISSIONS
value:
_default: "0"
- name: SERVER_USE_WRORKFLOW_STATUS
value:
_default: "1"
- name: S3_HOST
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: KC_USE_REDIRECT_LOGOUT
value:
_default: "True"
secretEnvs:
- name: SERVER_SUPERSET_JWT_SECRET
secretName:
_default: "jwt-secret-superset"
secretKey: "jwt_secret"
- name: KC_CLIENT_ID
secretName:
_default: "gatekeeper-secret"
secretKey: "client_id"
- name: KC_CLIENT_SECRET
secretName:
_default: "gatekeeper-secret"
secretKey: "client_secret"
- name: AWS_S3_ENDPOINT_URL
secretName:
_default: "s3-secret"
secretKey: "endpoint"
- name: CELERY_RABBITMQ_HOST
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: CELERY_RABBITMQ_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: CELERY_RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: CELERY_RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: DJANGO_POSTGRES_HOST
secretName:
_default: "postgres-secret"
secretKey: "host"
- name: DJANGO_POSTGRES_PORTS
secretName:
_default: "postgres-secret"
secretKey: "port"
- name: DJANGO_POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DJANGO_POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_POSTGRES_DATABASE
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: DJANGO_RABBIT_HOSTNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: DJANGO_RABBIT_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: DJANGO_RABBIT_PASS
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: DJANGO_RABBIT_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
- name: S3_BUCKET
secretName:
_default: "sarex-media-storage-secret"
secretKey: "bucket"
- name: S3_LOGIN
secretName:
_default: "sarex-media-storage-secret"
secretKey: "login"
- name: S3_PASSWORD
secretName:
_default: "sarex-media-storage-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

94
apps/django/brusnika-stage/export-project.yaml
View File

@ -1,94 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: export-project
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: export-project
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: export-project-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

10
apps/django/brusnika-stage/kustomization.yaml
View File

@ -1,10 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: django
resources:
- sarex-frontend.yaml
- sarex-backend.yaml
- celery.yaml
- export-project.yaml
- s3-proxy.yaml

113
apps/django/brusnika-stage/s3-proxy.yaml
View File

@ -1,113 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: s3-proxy
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: s3-proxy
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: s3-proxy-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: AWS_API_ENDPOINT
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: APP_PORT
value:
_default: "8000"
secretEnvs:
- name: AWS_ACCESS_KEY_ID
secretName:
_default: "sarex-media-storage-secret"
secretKey: "login"
- name: AWS_SECRET_ACCESS_KEY
secretName:
_default: "sarex-media-storage-secret"
secretKey: "password"
- name: AWS_S3_BUCKET
secretName:
_default: "sarex-media-storage-secret"
secretKey: "bucket"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

390
apps/django/brusnika-stage/sarex-backend.yaml
View File

@ -1,390 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: backend
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/backend:production_8f05291e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: backend
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: uwsgi-configmap
mountPath:
_default: /opt/sarex/uwsgi.ini
subPath:
_default: uwsgi.ini
readOnly:
_default: true
configMap:
name:
_default: uwsgi-configmap
items:
- key: uwsgi.ini
path:
_default: uwsgi.ini
- name: django-configmap
mountPath:
_default: /opt/sarex/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: django-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: SERVER_SUPERSET_HOST
value:
_default: "https://superset.test.sarex.brusnika.tech"
- name: GK_ENCRYPTION_KEY
value:
_default: "zfDjuszywHSbAhY8KJQbESbpUYN74XTs"
- name: ALLOWED_HOSTS
value:
_default: "*"
- name: SERVER_USE_CHANGELOG
value:
_default: "0"
- name: SERVER_ZITADEL_ENABLED
value:
_default: "False"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: CELERY_REDIS_HOST
value:
_default: "redis-service"
- name: CELERY_REDIS_PORT
value:
_default: "6379"
- name: DJANGO_REDIS_HOST
value:
_default: "redis-service"
- name: DJANGO_REDIS_PORT
value:
_default: "6379"
- name: BIMV2_INTERNAL_HOST
value:
_default: "http://bim-backend-v2-service.bim-api"
- name: BIMV2_TIMEOUT
value:
_default: "60"
- name: JWT_KID
value:
_default: "1"
- name: PDM_SYNC
value:
_default: "1"
- name: KC_SYNC_ENABLE
value:
_default: "0"
- name: MEASUREMENTS_HOST
value:
_default: "http://measurements-service.measurements.svc.cluster.local:8000/api"
- name: MEASUREMENTS_USE_MEASUREMENTS
value:
_default: "1"
- name: SERVER_API_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: SERVER_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_BASE_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: WORKFLOWS_USE
value:
_default: "1"
- name: SERVER_S3_STREAM_IMPORT
value:
_default: "1"
- name: SERVER_SAVE_DIFF_DEM
value:
_default: "1"
- name: SERVER_USE_CLICKHOUSE
value:
_default: "0"
- name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK
value:
_default: "0"
- name: SERVER_USE_DJANGO_STORAGE
value:
_default: "1"
- name: SERVER_USE_METASHAPE
value:
_default: "0"
- name: SERVER_CHANGELOG_MODE_SYSTEM_LOG
value:
_default: "1"
- name: SERVER_CHANGELOG_MODE
value:
_default: "0"
- name: SERVER_DJANGO_URLS
value:
_default: "1"
- name: CHECK_IMPORT_HASH
value:
_default: "1"
- name: EAV_ENABLE
value:
_default: "1"
- name: SERVER_CHECK_IMPORT_HASH
value:
_default: "1"
- name: SERVER_CHUNKED_PATH
value:
_default: "/tmp/chunked_uploads/%Y/%m/%d"
- name: SERVER_HIDE_USER_SCROLL_PERMISSIONS
value:
_default: "0"
- name: SERVER_USE_WRORKFLOW_STATUS
value:
_default: "1"
- name: S3_HOST
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: KC_USE_REDIRECT_LOGOUT
value:
_default: "True"
secretEnvs:
- name: SERVER_SUPERSET_JWT_SECRET
secretName:
_default: "jwt-secret-superset"
secretKey: "jwt_secret"
- name: KC_CLIENT_ID
secretName:
_default: "gatekeeper-secret"
secretKey: "client_id"
- name: KC_CLIENT_SECRET
secretName:
_default: "gatekeeper-secret"
secretKey: "client_secret"
- name: AWS_S3_ENDPOINT_URL
secretName:
_default: "s3-secret"
secretKey: "endpoint"
- name: CELERY_RABBITMQ_HOST
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: CELERY_RABBITMQ_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: CELERY_RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: CELERY_RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: DJANGO_POSTGRES_HOST
secretName:
_default: "postgres-secret"
secretKey: "host"
- name: DJANGO_POSTGRES_PORTS
secretName:
_default: "postgres-secret"
secretKey: "port"
- name: DJANGO_POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DJANGO_POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_POSTGRES_DATABASE
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: DJANGO_RABBIT_HOSTNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "host"
- name: DJANGO_RABBIT_USER
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: DJANGO_RABBIT_PASS
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: DJANGO_RABBIT_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
- name: S3_BUCKET
secretName:
_default: "sarex-media-storage-secret"
secretKey: "bucket"
- name: S3_LOGIN
secretName:
_default: "sarex-media-storage-secret"
secretKey: "login"
- name: S3_PASSWORD
secretName:
_default: "sarex-media-storage-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

109
apps/django/brusnika-stage/sarex-frontend.yaml
View File

@ -1,109 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: frontend
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_5.16.3
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: nginx-configmap
mountPath:
_default: /etc/nginx/nginx.conf
subPath:
_default: nginx.conf
readOnly:
_default: true
configMap:
name:
_default: nginx-configmap
items:
- key: nginx.conf
path: nginx.conf
defaultMode: 420
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

2
apps/django/yc-k8s-test/kustomization.yaml
View File

@ -4,6 +4,4 @@ kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml - postgresql.yaml
- redis-deployment.yaml
- redis-service.yaml
patches: [] patches: []

3
apps/django/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

27
apps/django/yc-k8s-test/redis-deployment.yaml
View File

@ -1,27 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: django
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest
imagePullPolicy: Always
ports:
- containerPort: 6379
protocol: TCP
imagePullSecrets:
- name: regcred

13
apps/django/yc-k8s-test/redis-service.yaml
View File

@ -1,13 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: django
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
protocol: TCP

2
apps/document-link/base/deployment.yaml
View File

@ -27,7 +27,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

92
apps/document-link/brusnika-stage/helmrelease.yaml
View File

@ -1,92 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: frontend
namespace: document-link
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:51c342660b1bebebcaada22551e660ff260a4523
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 3000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 3000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/document-link/brusnika-stage/kustomization.yaml
View File

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: document-link
resources:
- helmrelease.yaml

30
apps/documentations/base/api-deployment.yaml
View File

@ -72,7 +72,7 @@ spec:
exec /app/entrypoint.sh exec /app/entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8080 containerPort: 8000
protocol: TCP protocol: TCP
env: env:
- name: POSTGRES_POOL_SIZE - name: POSTGRES_POOL_SIZE
@ -82,9 +82,9 @@ spec:
- name: ZITADEL_DOMAIN - name: ZITADEL_DOMAIN
value: zitadel-srx.wb.ru value: zitadel-srx.wb.ru
- name: USE_ZITADEL - name: USE_ZITADEL
value: "0" value: "1"
- name: FLOWS_URL - name: FLOWS_URL
value: http://backend-svc.flows.svc.cluster.local:80 value: http://backend-service.flows.svc.cluster.local:8000
- name: LAST_MASTER_BIM - name: LAST_MASTER_BIM
value: "36311" value: "36311"
- name: API_ADDRESS - name: API_ADDRESS
@ -98,7 +98,7 @@ spec:
- name: ENABLE_SSL - name: ENABLE_SSL
value: "0" value: "0"
- name: WORKSPACE_V2_EXTERNAL_URL - name: WORKSPACE_V2_EXTERNAL_URL
value: https://sarex.contour.infra.sarex.tech/workspaces-v2/ value: https://srx.wb.ru/workspaces-v2/
- name: ENABLE_S3 - name: ENABLE_S3
value: "1" value: "1"
- name: CONTAINER_REGISTRY - name: CONTAINER_REGISTRY
@ -108,15 +108,15 @@ spec:
- name: LAST_SLAVE_1_BIM - name: LAST_SLAVE_1_BIM
value: "1000000" value: "1000000"
- name: HOST - name: HOST
value: http://backend-api-svc.documentations.svc.cluster.local:80 value: http://documentations-api.documentations.svc.cluster.local:8080
- name: FILE_STREAM_HOST - name: FILE_STREAM_HOST
value: sarex.contour.infra.sarex.tech value: srx.wb.ru
- name: DOCUMENTATION_URL - name: DOCUMENTATION_URL
value: http://documentations-api.documentations.svc.cluster.local:80/ value: http://documentations-api.documentations.svc.cluster.local:8080/
- name: WORKFLOW_URL - name: WORKFLOW_URL
value: http://backend-svc.processing.svc.cluster.local:80/ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_URL - name: WORKSPACE_URL
value: http://backend-svc.workspaces.svc.cluster.local:80/ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
- name: BIM_API_URL - name: BIM_API_URL
value: http://bim-api-service.bim.svc.cluster.local:8080/ value: http://bim-api-service.bim.svc.cluster.local:8080/
- name: BIM_API_V2_URL - name: BIM_API_V2_URL
@ -124,9 +124,9 @@ spec:
- name: WORKSPACE_BUNDLE_VERSION - name: WORKSPACE_BUNDLE_VERSION
value: v1 value: v1
- name: SYSTEM_LOG_URL - name: SYSTEM_LOG_URL
value: http://backend-svc.system-log.svc.cluster.local:80 value: http://api-service.system-log.svc.cluster.local:8000
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:80 value: http://backend.django.svc.cluster.local:8000
- name: MARKS_PROCESSING_URL - name: MARKS_PROCESSING_URL
value: http://marks-service:8000 value: http://marks-service:8000
- name: PUBLIC_LINK_HOST - name: PUBLIC_LINK_HOST
@ -152,9 +152,9 @@ spec:
- name: CACHE_CLEANUP_INTERVAL - name: CACHE_CLEANUP_INTERVAL
value: 60s value: 60s
- name: ENABLE_AUTH_JWT_IN_URL - name: ENABLE_AUTH_JWT_IN_URL
value: "true"
- name: ENABLE_SIGNATURE_IN_URL
value: "false" value: "false"
- name: ENABLE_SIGNATURE_IN_URL
value: "true"
- name: USE_CACHE_IN_FILE_STREAMER - name: USE_CACHE_IN_FILE_STREAMER
value: "0" value: "0"
- name: VALKEY_ADDR - name: VALKEY_ADDR
@ -166,8 +166,8 @@ spec:
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

2
apps/documentations/base/api-service.yaml
View File

@ -11,5 +11,5 @@ spec:
ports: ports:
- name: http - name: http
port: 80 port: 80
targetPort: 8080 targetPort: 8000
protocol: TCP protocol: TCP

18
apps/documentations/base/filestream-deployment.yaml
View File

@ -72,7 +72,7 @@ spec:
exec /app/file_entrypoint.sh exec /app/file_entrypoint.sh
ports: ports:
- name: http - name: http
containerPort: 8080 containerPort: 8000
protocol: TCP protocol: TCP
env: env:
- name: POSTGRES_POOL_SIZE - name: POSTGRES_POOL_SIZE
@ -82,9 +82,9 @@ spec:
- name: ZITADEL_DOMAIN - name: ZITADEL_DOMAIN
value: zitadel-srx.wb.ru value: zitadel-srx.wb.ru
- name: USE_ZITADEL - name: USE_ZITADEL
value: "0" value: "1"
- name: FLOWS_URL - name: FLOWS_URL
value: http://backend-svc.flows.svc.cluster.local:80 value: http://backend-service.flows.svc.cluster.local:8000
- name: LAST_MASTER_BIM - name: LAST_MASTER_BIM
value: "36311" value: "36311"
- name: API_ADDRESS - name: API_ADDRESS
@ -108,15 +108,15 @@ spec:
- name: LAST_SLAVE_1_BIM - name: LAST_SLAVE_1_BIM
value: "1000000" value: "1000000"
- name: HOST - name: HOST
value: http://backend-api-svc.documentations.svc.cluster.local:80 value: http://documentations-api.documentations.svc.cluster.local:8080
- name: FILE_STREAM_HOST - name: FILE_STREAM_HOST
value: srx.wb.ru value: srx.wb.ru
- name: DOCUMENTATION_URL - name: DOCUMENTATION_URL
value: http://backend-api-svc.documentations.svc.cluster.local:80/ value: http://documentations-api.documentations.svc.cluster.local:8080/
- name: WORKFLOW_URL - name: WORKFLOW_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000/ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_URL - name: WORKSPACE_URL
value: http://backend-svc.workspaces.svc.cluster.local:80/ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
- name: BIM_API_URL - name: BIM_API_URL
value: http://bim-api-service.bim.svc.cluster.local:8080/ value: http://bim-api-service.bim.svc.cluster.local:8080/
- name: BIM_API_V2_URL - name: BIM_API_V2_URL
@ -126,7 +126,7 @@ spec:
- name: SYSTEM_LOG_URL - name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000 value: http://api-service.system-log.svc.cluster.local:8000
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:80 value: http://backend.django.svc.cluster.local:8000
- name: MARKS_PROCESSING_URL - name: MARKS_PROCESSING_URL
value: http://marks-service:8000 value: http://marks-service:8000
- name: PUBLIC_LINK_HOST - name: PUBLIC_LINK_HOST
@ -166,8 +166,8 @@ spec:
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

2
apps/documentations/base/filestream-service.yaml
View File

@ -11,5 +11,5 @@ spec:
ports: ports:
- name: http - name: http
port: 80 port: 80
targetPort: 8080 targetPort: 8000
protocol: TCP protocol: TCP

4
apps/documentations/base/frontend-deployment.yaml
View File

@ -18,7 +18,7 @@ spec:
spec: spec:
containers: containers:
- name: frontend - name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ae1bb076 image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http
@ -26,7 +26,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

22
apps/documentations/base/pdm-deployment.yaml
View File

@ -106,13 +106,13 @@ spec:
- name: CACHE_DEFAULT_EXPIRATION - name: CACHE_DEFAULT_EXPIRATION
value: 60s value: 60s
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:80 value: http://backend.django.svc.cluster.local:8000
- name: DJANGO_ORIGINATOR - name: DJANGO_ORIGINATOR
value: docs_prod value: docs_prod
- name: DOCUMENTATION_URL - name: DOCUMENTATION_URL
value: http://backend-api-svc.documentations.svc.cluster.local:80/ value: http://documentations-api.documentations.svc.cluster.local:8080/
- name: EAV_URL - name: EAV_URL
value: http://backend-svc.eav.svc.cluster.local:80 value: http://eav-service.eav.svc.cluster.local:8000
- name: ENABLE_OBSERVABILITY - name: ENABLE_OBSERVABILITY
value: "false" value: "false"
- name: ENABLE_S3 - name: ENABLE_S3
@ -122,7 +122,7 @@ spec:
- name: ENVIRONMENT - name: ENVIRONMENT
value: prod value: prod
- name: FLOWS_URL - name: FLOWS_URL
value: http://backend-svc.flows.svc.cluster.local:80 value: http://backend-service.flows.svc.cluster.local:8000
- name: HEIGHT_THUMB_ATTACHMENTS - name: HEIGHT_THUMB_ATTACHMENTS
value: "300" value: "300"
- name: HEIGHT_THUMB_STATES - name: HEIGHT_THUMB_STATES
@ -147,13 +147,13 @@ spec:
- name: S3_SERVICE_ACCOUNT - name: S3_SERVICE_ACCOUNT
value: /vault/secrets/documentations-s3-account-json value: /vault/secrets/documentations-s3-account-json
- name: STATES_URL - name: STATES_URL
value: http://backend-svc.workspaces.svc.cluster.local:80/ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
- name: SUBSCRIPTIONS_URL - name: SUBSCRIPTIONS_URL
value: http://backend-svc.subscriptions.svc.cluster.local:80 value: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80
- name: SYSTEM_LOG_URL - name: SYSTEM_LOG_URL
value: http://api-service.system-log.svc.cluster.local:8000 value: http://api-service.system-log.svc.cluster.local:8000
- name: TARGET_URL - name: TARGET_URL
value: http://backend-svc.django.svc.cluster.local:80 value: http://backend.django.svc.cluster.local:8000
- name: USE_CACHE_IN_FILE_STREAMER - name: USE_CACHE_IN_FILE_STREAMER
value: "1" value: "1"
- name: USE_SUBSCRIPTIONS - name: USE_SUBSCRIPTIONS
@ -167,15 +167,15 @@ spec:
- name: WORKFLOW_IMAGES_VERSION - name: WORKFLOW_IMAGES_VERSION
value: master value: master
- name: WORKFLOW_URL - name: WORKFLOW_URL
value: http://backend-svc.processing.svc.cluster.local:80/ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
- name: WORKSPACE_BUNDLE_VERSION - name: WORKSPACE_BUNDLE_VERSION
value: v1 value: v1
- name: WORKSPACE_URL - name: WORKSPACE_URL
value: http://backend-svc.workspaces.svc.cluster.local:80/ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

292
apps/documentations/brusnika-stage/api.yaml
View File

@ -1,292 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: documentations-api
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
driftDetection:
mode: enabled
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_5904312b
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: documentations-api
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: documentations-api
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: documentations-yc-s3-secret
mountPath:
_default: /etc/sarex/yc-s3-storage
readOnly:
_default: true
secret:
secretName:
_default: documentations-yc-s3
labels:
monitoring: prometheus
envs:
- name: POSTGRES_ADDRESS
value:
_default: "192.168.2.45"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: POSTGRES_DB
value:
_default: "documentations"
- name: POSTGRES_POOL_SIZE
value:
_default: "20"
- name: FLOWS_URL
value:
_default: "http://backend-service.flows.svc.cluster.local:8000"
- name: LAST_MASTER_BIM
value:
_default: "36311"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8080"
- name: API_ADDRESS_FILE
value:
_default: "0.0.0.0:8080"
- name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
value:
_default: "5"
- name: ENABLE_SQL_QUERY
value:
_default: "0"
- name: ENABLE_SSL
value:
_default: "0"
- name: WORKSPACE_V2_EXTERNAL_URL
value:
_default: "https://test.sarex.brusnika.tech/workspaces-v2/"
- name: ENABLE_S3
value:
_default: "1"
- name: CONTAINER_REGISTRY
value:
_default: "cr.yandex/crp3ccidau046kdj8g9q"
- name: ENVIRONMENT
value:
_default: "production"
- name: HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: VALKEY_PORT
value:
_default: "6379"
- name: VALKEY_HOST
value:
_default: "redis"
- name: VALKEY_ADDR
value:
_default: "redis:6379"
- name: FILE_STREAM_HOST
value:
_default: "cde.brusnika.lonsdaleites.ru"
- name: DOCUMENTATION_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/"
- name: WORKFLOW_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/"
- name: WORKSPACE_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
- name: BIM_API_URL
value:
_default: "http://bim-api-service.bim.svc.cluster.local:8080/"
- name: BIM_API_V2_URL
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: WORKSPACE_BUNDLE_VERSION
value:
_default: "v1"
- name: SYSTEM_LOG_URL
value:
_default: "http://api-service.system-log.svc.cluster.local:8000"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: MARKS_PROCESSING_URL
value:
_default: "http://marks-service:8000"
- name: PUBLIC_LINK_HOST
value:
_default: "https://document-link.test.sarex.brusnika.tech"
- name: NAMESPACE
value:
_default: "documentations"
- name: DJANGO_ORIGINATOR
value:
_default: "docs_prod"
- name: WORKFLOW_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOWS_IMAGES_VERSION
value:
_default: "master"
- name: S3_SERVICE_ACCOUNT
value:
_default: "/etc/sarex/yc-s3-storage/yc-s3-service-account.json"
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value:
_default: "6h"
- name: CACHE_DEFAULT_EXPIRATION
value:
_default: "60s"
- name: CACHE_CLEANUP_INTERVAL
value:
_default: "60s"
- name: USE_CACHE_IN_FILE_STREAMER
value:
_default: "1"
secretEnvs:
- name: PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
- name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
secretName:
_default: "yc-jwt-secret"
secretKey: "secret"
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: DJANGO_BASIC_AUTH_FOR_GET_USER
secretName:
_default: "django-auth"
secretKey: "key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

292
apps/documentations/brusnika-stage/filestream.yaml
View File

@ -1,292 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: documentations-filestream
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
driftDetection:
mode: enabled
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_5904312b
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: documentations-filestream
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: documentations-filestream
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: documentations-yc-s3-secret
mountPath:
_default: /etc/sarex/yc-s3-storage
readOnly:
_default: true
secret:
secretName:
_default: documentations-yc-s3
labels:
monitoring: prometheus
envs:
- name: POSTGRES_ADDRESS
value:
_default: "192.168.2.45"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: POSTGRES_DB
value:
_default: "documentations"
- name: POSTGRES_POOL_SIZE
value:
_default: "20"
- name: FLOWS_URL
value:
_default: "http://backend-service.flows.svc.cluster.local:8000"
- name: LAST_MASTER_BIM
value:
_default: "36311"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8080"
- name: VALKEY_PORT
value:
_default: "6379"
- name: VALKEY_ADDR
value:
_default: "redis:6379"
- name: VALKEY_HOST
value:
_default: "redis"
- name: API_ADDRESS_FILE
value:
_default: "0.0.0.0:8080"
- name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
value:
_default: "5"
- name: ENABLE_SQL_QUERY
value:
_default: "0"
- name: ENABLE_SSL
value:
_default: "0"
- name: WORKSPACE_V2_EXTERNAL_URL
value:
_default: "https://test.sarex.brusnika.tech/workspaces-v2/"
- name: ENABLE_S3
value:
_default: "1"
- name: CONTAINER_REGISTRY
value:
_default: "cr.yandex/crp3ccidau046kdj8g9q"
- name: ENVIRONMENT
value:
_default: "production"
- name: HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: FILE_STREAM_HOST
value:
_default: "cde.brusnika.lonsdaleites.ru"
- name: DOCUMENTATION_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/"
- name: WORKFLOW_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/"
- name: WORKSPACE_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
- name: BIM_API_URL
value:
_default: "http://bim-api-service.bim.svc.cluster.local:8080/"
- name: BIM_API_V2_URL
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: WORKSPACE_BUNDLE_VERSION
value:
_default: "v1"
- name: SYSTEM_LOG_URL
value:
_default: "http://api-service.system-log.svc.cluster.local:8000"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: MARKS_PROCESSING_URL
value:
_default: "http://marks-service:8000"
- name: PUBLIC_LINK_HOST
value:
_default: "https://document-link.test.sarex.brusnika.tech"
- name: NAMESPACE
value:
_default: "documentations"
- name: DJANGO_ORIGINATOR
value:
_default: "docs_prod"
- name: WORKFLOW_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOWS_IMAGES_VERSION
value:
_default: "master"
- name: S3_SERVICE_ACCOUNT
value:
_default: "/etc/sarex/yc-s3-storage/yc-s3-service-account.json"
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value:
_default: "6h"
- name: CACHE_DEFAULT_EXPIRATION
value:
_default: "60s"
- name: CACHE_CLEANUP_INTERVAL
value:
_default: "60s"
- name: USE_CACHE_IN_FILE_STREAMER
value:
_default: "1"
secretEnvs:
- name: PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
- name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
secretName:
_default: "yc-jwt-secret"
secretKey: "secret"
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: DJANGO_BASIC_AUTH_FOR_GET_USER
secretName:
_default: "django-auth"
secretKey: "key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

95
apps/documentations/brusnika-stage/frontend.yaml
View File

@ -1,95 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: documentation-frontend-static
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
driftDetection:
mode: enabled
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_5a4e4adc
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: documentation-frontend-static
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: documentation-frontend-static-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

9
apps/documentations/brusnika-stage/kustomization.yaml
View File

@ -1,9 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: documentations
resources:
- frontend.yaml
- pdm.yaml
- api.yaml
- filestream.yaml

342
apps/documentations/brusnika-stage/pdm.yaml
View File

@ -1,342 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: pdm-api
namespace: documentations
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
driftDetection:
mode: enabled
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_9507c2d5
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: pdm-api
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: pdm-api
type:
_default: ClusterIP
port:
_default: 8080
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: documentations-yc-s3-secret
mountPath:
_default: /etc/sarex/yc-s3-storage
readOnly:
_default: true
secret:
secretName:
_default: documentations-yc-s3
labels:
monitoring: prometheus
envs:
- name: USE_EXPERIMENTAL
value:
_default: "true"
- name: API_ADDRESS
value:
_default: "0.0.0.0:8080"
- name: API_ADDRESS_FILE
value:
_default: "0.0.0.0:8080"
- name: API_HOST_PREFIX
value:
_default: "/"
- name: APP_NAME
value:
_default: "pdm_v2"
- name: APP_VERSION
value:
_default: "0.0.1"
- name: TRANSMITTALS_BASE_URL
value:
_default: ""
- name: TRANSMITTALS_ENABLE
value:
_default: "false"
- name: DRAWINGS_INTERNAL_URL
value:
_default: "http://drawings-api-service.drawings.svc.cluster.local:80"
- name: ATTACHMENTS_URL
value:
_default: "http://attachments-service.attachments.svc.cluster.local:8000"
- name: BIM_API_V2_URL
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: BIM_V2_HOST
value:
_default: "http://backend-service.bim.svc.cluster.local:8000/"
- name: CACHE_CLEANUP_INTERVAL
value:
_default: "60s"
- name: CACHE_DEFAULT_EXPIRATION
value:
_default: "60s"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: DJANGO_ORIGINATOR
value:
_default: "docs_prod"
- name: DOCUMENTATION_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/"
- name: EAV_URL
value:
_default: "http://eav-service.eav.svc.cluster.local:8000"
- name: ENABLE_OBSERVABILITY
value:
_default: "false"
- name: ENABLE_PERMISSIONS_FILTER
value:
_default: "false"
- name: ENABLE_S3
value:
_default: "1"
- name: ENABLE_SSL
value:
_default: "0"
- name: ENVIRONMENT
value:
_default: "prod"
- name: FLOWS_URL
value:
_default: "http://backend-service.flows.svc.cluster.local:8000"
- name: HEIGHT_THUMB_ATTACHMENTS
value:
_default: "300"
- name: HEIGHT_THUMB_STATES
value:
_default: "73"
- name: HTTP_PORT
value:
_default: "8080"
- name: INSPECTIONS_URL
value:
_default: "http://inspections-service.inspections.svc.cluster.local:80"
- name: LOG_LEVEL
value:
_default: "INFO"
- name: NOTES_URL
value:
_default: ""
- name: OBSERVABILITY_COLLECTOR_ENDPOINT
value:
_default: "temp"
- name: POSTGRES_ADDRESS
value:
_default: "192.168.2.45"
- name: POSTGRES_DB
value:
_default: "documentations"
- name: POSTGRES_POOL_SIZE
value:
_default: "20"
- name: POSTGRES_PORT
value:
_default: "5432"
- name: READ_WRITE_TIMEOUT_FILE_STREAM
value:
_default: "6h"
- name: RELEASES_URL
value:
_default: "https://gitlab.com"
- name: REMARKS_URL
value:
_default: "http://remarks-static-service.remarks.svc.cluster.local:8080/remarks"
- name: RESOURCES_URL
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: S3_SERVICE_ACCOUNT
value:
_default: "/etc/sarex/yc-s3-storage/yc-s3-service-account.json"
- name: STATES_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
- name: SUBSCRIPTIONS_URL
value:
_default: "http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80"
- name: SYSTEM_LOG_URL
value:
_default: "http://api-service.system-log.svc.cluster.local:8000"
- name: TARGET_URL
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: USE_CACHE_IN_FILE_STREAMER
value:
_default: "1"
- name: USE_SUBSCRIPTIONS
value:
_default: "false"
- name: WIDTH_THUMB_ATTACHMENTS
value:
_default: "300"
- name: WIDTH_THUMB_STATES
value:
_default: "120"
- name: WORKFLOWS_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOW_IMAGES_VERSION
value:
_default: "master"
- name: WORKFLOW_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/"
- name: WORKSPACE_BUNDLE_VERSION
value:
_default: "v1"
- name: WORKSPACE_URL
value:
_default: "http://workspaces-service.workspaces.svc.cluster.local:8000/"
secretEnvs:
- name: RELEASES_TOKEN
secretName:
_default: "releases-token"
secretKey: "key"
- name: POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

2
apps/documentations/yc-k8s-test/kustomization.yaml
View File

@ -4,6 +4,4 @@ kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml - postgresql.yaml
- redis-deployment.yaml
- redis-service.yaml
patches: [] patches: []

3
apps/documentations/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

27
apps/documentations/yc-k8s-test/redis-deployment.yaml
View File

@ -1,27 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: documentations
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest
imagePullPolicy: Always
ports:
- containerPort: 6379
protocol: TCP
imagePullSecrets:
- name: regcred

13
apps/documentations/yc-k8s-test/redis-service.yaml
View File

@ -1,13 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: documentations
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
protocol: TCP

3
apps/drawings/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

2
apps/eav/base/backend-deployment.yaml
View File

@ -89,7 +89,7 @@ spec:
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
volumeMounts: volumeMounts:

4
apps/eav/base/backend-service.yaml
View File

@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: backend-svc name: backend-service
namespace: eav namespace: eav
spec: spec:
type: ClusterIP type: ClusterIP
@ -10,6 +10,6 @@ spec:
app: backend app: backend
ports: ports:
- name: http - name: http
port: 80 port: 8000
targetPort: 8000 targetPort: 8000
protocol: TCP protocol: TCP

208
apps/eav/brusnika-stage/helmrelease.yaml
View File

@ -1,208 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: backend
namespace: eav
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_2460295f
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: eav-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: asset
mountPath:
_default: /server/assets/api/v0/views/asset.py
subPath:
_default: asset.py
readOnly:
_default: true
configMap:
name:
_default: asset
items:
- key: asset.py
path:
_default: asset.py
- name: permissions
mountPath:
_default: /server/core/permissions.py
subPath:
_default: permissions.py
readOnly:
_default: true
configMap:
name:
_default: permissions
items:
- key: permissions.py
path:
_default: permissions.py
- name: django-configmap
mountPath:
_default: /server/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: django-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: KAFKA_USERNAME
value:
_default: "sarex"
- name: KAFKA_SSL_CAFILE
value:
_default: "/usr/local/share/ca-certificates/kafka.crt"
- name: KAFKA_HOST
value:
_default: "brusnika-stage-kafka-bootstrap.kafka.svc.cluster.local:9093"
- name: ASSETS_TOPIC
value:
_default: "sarex"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: DJANGO_POSTGRES_HOST
value:
_default: "192.168.2.45"
- name: DJANGO_POSTGRES_DATABASE
value:
_default: "eav"
- name: YC_S3_ENDPOINT_URL
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: YC_S3_BUCKET_NAME
value:
_default: "eav"
secretEnvs:
- name: KAFKA_PASSWORD
secretName:
_default: "kafka-cred"
secretKey: "password"
- name: DJANGO_POSTGRES_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DJANGO_POSTGRES_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
- name: YC_S3_ACCESS_KEY_ID
secretName:
_default: "s3-secret"
secretKey: "login"
- name: YC_S3_SECRET_ACCESS_KEY
secretName:
_default: "s3-secret"
secretKey: "password"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/eav/brusnika-stage/kustomization.yaml
View File

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: eav
resources:
- helmrelease.yaml

3
apps/eav/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

6
apps/faas/base/export-reviews.yaml
View File

@ -38,7 +38,7 @@ spec:
- name: DOCUMENTATIONS_HOST - name: DOCUMENTATIONS_HOST
value: https://sarex.contour.infra.sarex.tech/documentations value: https://sarex.contour.infra.sarex.tech/documentations
- name: EAV_HOST - name: EAV_HOST
value: http://backend-svc.eav.svc.cluster.local:80 value: http://eav-service.eav.svc.cluster.local:8000
- name: TRANSMITTALS_INTERNAL_HOST - name: TRANSMITTALS_INTERNAL_HOST
value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1 value: http://transmittal-service.transmittal.svc.cluster.local:80/internal/v1
- name: DJANGO_TIMEOUT - name: DJANGO_TIMEOUT
@ -58,7 +58,7 @@ spec:
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

14
apps/flows/base/backend-deployment.yaml
View File

@ -86,17 +86,17 @@ spec:
- name: CELERY_QUEUE - name: CELERY_QUEUE
value: flow value: flow
- name: EAV_HOST - name: EAV_HOST
value: http://backend-svc.eav.svc.cluster.local:80 value: http://eav-service.eav.svc.cluster.local:8000
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:80/api value: http://backend-svc.django.svc.cluster.local:8000/api
- name: PLANNING_HOST - name: PLANNING_HOST
value: http://backend-svc.pm.svc.cluster.local:80/api/pm/msp value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
- name: PLANNING_USE - name: PLANNING_USE
value: "True" value: "True"
- name: DOCUMENTATION_HOST - name: DOCUMENTATION_HOST
value: http://backend-api-svc.documentations.svc.cluster.local:80/internal/v1 value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1
- name: DOCUMENTATION_EXTERNAL_HOST - name: DOCUMENTATION_EXTERNAL_HOST
value: http://backend-api-svc.documentations.svc.cluster.local:80/api/v1 value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1
- name: ENABLE_ANALYTICS - name: ENABLE_ANALYTICS
value: "1" value: "1"
- name: ENABLE_CELERY - name: ENABLE_CELERY
@ -131,7 +131,7 @@ spec:
value: "60" value: "60"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

14
apps/flows/base/celery-deployment.yaml
View File

@ -86,17 +86,17 @@ spec:
- name: CELERY_QUEUE - name: CELERY_QUEUE
value: flow value: flow
- name: EAV_HOST - name: EAV_HOST
value: http://backend-svc.eav.svc.cluster.local:80 value: http://eav-service.eav.svc.cluster.local:8000
- name: DJANGO_HOST - name: DJANGO_HOST
value: http://backend-svc.django.svc.cluster.local:80/api value: http://backend-svc.django.svc.cluster.local:8000/api
- name: PLANNING_HOST - name: PLANNING_HOST
value: http://backend-service.pm.svc.cluster.local:80/api/pm/msp value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
- name: PLANNING_USE - name: PLANNING_USE
value: "True" value: "True"
- name: DOCUMENTATION_HOST - name: DOCUMENTATION_HOST
value: http://backend-api-svc.documentations.svc.cluster.local:80/internal/v1 value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1
- name: DOCUMENTATION_EXTERNAL_HOST - name: DOCUMENTATION_EXTERNAL_HOST
value: http://backend-api-svc.documentations.svc.cluster.local:80/api/v1 value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1
- name: ENABLE_ANALYTICS - name: ENABLE_ANALYTICS
value: "1" value: "1"
- name: ENABLE_CELERY - name: ENABLE_CELERY
@ -131,7 +131,7 @@ spec:
value: "60" value: "60"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

2
apps/flows/base/frontend-deployment.yaml
View File

@ -26,7 +26,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

262
apps/flows/brusnika-stage/backend.yaml
View File

@ -1,262 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: backend
namespace: flows
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_42cf0e6e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: backend-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: LOG_LEVEL
value:
_default: "DEBUG"
- name: BASE_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: CELERY_QUEUE
value:
_default: "flow"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000/api"
- name: DOCUMENTATION_HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/internal/v1"
- name: DOCUMENTATION_EXTERNAL_HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/api/v1"
- name: ENABLE_ANALYTICS
value:
_default: "1"
- name: ENABLE_CELERY
value:
_default: "1"
- name: ENABLE_MAILGUN
value:
_default: "0"
- name: ENABLE_METRICS
value:
_default: "0"
- name: FROM_EMAIL
value:
_default: "cde@brusnika.ru"
- name: GATEWAY_URL
value:
_default: "http://pdm-api.documentations.svc.cluster.local:8080"
- name: PG_HOST
value:
_default: "192.168.2.45"
- name: PG_PORT
value:
_default: "5432"
- name: RABBITMQ_HOST
value:
_default: "rabbitmq-service"
- name: RABBITMQ_PORT
value:
_default: "5672"
- name: DOCUMENTATION_PG_PORT
value:
_default: "5432"
- name: DOCUMENTATION_PG_DATABASE
value:
_default: "documentations"
- name: EAV_HOST
value:
_default: http://eav-service.eav.svc.cluster.local:8000
- name: DOCUMENTATION_PG_HOST
value:
_default: "postgres-service.documentations.svc.cluster.local"
- name: RESOURCE_URL
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: SERVICE_HOST
value:
_default: "https://test.sarex.brusnika.tech/flows/api/v1"
- name: SMTP_HOST
value:
_default: "smtp-relay.gmail.com"
- name: SMTP_PORT
value:
_default: "587"
- name: SYNC_RESOURCE_ID
value:
_default: "1"
- name: TIMEOUT
value:
_default: "120"
- name: WORKFLOWS_HOST
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1"
- name: WORKFLOWS_TIMEOUT
value:
_default: "60"
- name: DOCUMENTATION_TIMEOUT
value:
_default: "60"
secretEnvs:
- name: ADMIN_PANEL_SECRET_KEY
secretName:
_default: "admin-secret"
secretKey: "key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "jwt-secret"
secretKey: "public_key"
- name: DOCUMENTATION_PG_USERNAME
secretName:
_default: "postgres-secret-documentations"
secretKey: "username"
- name: DOCUMENTATION_PG_PASSWORD
secretName:
_default: "postgres-secret-documentations"
secretKey: "password"
- name: DJANGO_TOKEN
secretName:
_default: "django-secret"
secretKey: "token"
- name: PG_DB
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: PG_LOGIN
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: PG_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: RABBITMQ_USERNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

260
apps/flows/brusnika-stage/celery.yaml
View File

@ -1,260 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: celery
namespace: flows
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_42cf0e6e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: celery
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: backend-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: LOG_LEVEL
value:
_default: "DEBUG"
- name: BASE_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: CELERY_QUEUE
value:
_default: "flow"
- name: DJANGO_HOST
value:
_default: "http://backend.django.svc.cluster.local:8000/api"
- name: DOCUMENTATION_HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/internal/v1"
- name: DOCUMENTATION_EXTERNAL_HOST
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080/api/v1"
- name: ENABLE_ANALYTICS
value:
_default: "1"
- name: ENABLE_CELERY
value:
_default: "1"
- name: ENABLE_MAILGUN
value:
_default: "0"
- name: ENABLE_METRICS
value:
_default: "0"
- name: FROM_EMAIL
value:
_default: "cde@brusnika.ru"
- name: GATEWAY_URL
value:
_default: "http://pdm-api.documentations.svc.cluster.local:8080"
- name: PG_HOST
value:
_default: "192.168.2.45"
- name: PG_PORT
value:
_default: "5432"
- name: RABBITMQ_HOST
value:
_default: "rabbitmq-service"
- name: RABBITMQ_PORT
value:
_default: "5672"
- name: DOCUMENTATION_PG_PORT
value:
_default: "5432"
- name: DOCUMENTATION_PG_DATABASE
value:
_default: "documentations"
- name: DOCUMENTATION_PG_HOST
value:
_default: "postgres-service.documentations.svc.cluster.local"
- name: RESOURCE_URL
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: SERVICE_HOST
value:
_default: "https://test.sarex.brusnika.tech/flows/api/v1"
- name: SMTP_HOST
value:
_default: "smtp-relay.gmail.com"
- name: SMTP_PORT
value:
_default: "587"
- name: SYNC_RESOURCE_ID
value:
_default: "1"
- name: TIMEOUT
value:
_default: "120"
- name: WORKFLOWS_HOST
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1"
- name: WORKFLOWS_TIMEOUT
value:
_default: "60"
- name: DOCUMENTATION_TIMEOUT
value:
_default: "60"
secretEnvs:
- name: ADMIN_PANEL_SECRET_KEY
secretName:
_default: "admin-secret"
secretKey: "key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "jwt-secret"
secretKey: "public_key"
- name: DOCUMENTATION_PG_USERNAME
secretName:
_default: "postgres-secret-documentations"
secretKey: "username"
- name: DOCUMENTATION_PG_PASSWORD
secretName:
_default: "postgres-secret-documentations"
secretKey: "password"
- name: DJANGO_TOKEN
secretName:
_default: "django-secret"
secretKey: "token"
- name: PG_DB
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: PG_LOGIN
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: PG_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: RABBITMQ_USERNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

93
apps/flows/brusnika-stage/frontend.yaml
View File

@ -1,93 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: frontend
namespace: django
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_55af772e
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

8
apps/flows/brusnika-stage/kustomization.yaml
View File

@ -1,8 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flows
resources:
- frontend.yaml
- backend.yaml
- celery.yaml

3
apps/flows/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

4
apps/inspections/base/backend-deployment.yaml
View File

@ -114,7 +114,7 @@ spec:
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/inspections/yc-k8s-test/postgresql.yaml
View File

@ -89,10 +89,6 @@ spec:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 6 failureThreshold: 6
resources:
requests:
cpu: 50m
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

24
apps/issues/base/backend-deployment.yaml
View File

@ -100,33 +100,33 @@ spec:
- name: ENVIRONMENT - name: ENVIRONMENT
value: production value: production
- name: AERO_PUBLIC_HOST - name: AERO_PUBLIC_HOST
value: https://sarex.contour.infra.sarex.tech value: https://srx.wb.ru
- name: AERO_HOST - name: AERO_HOST
value: https://sarex.contour.infra.sarex.tech value: https://srx.wb.ru
- name: BASE_AERO_URL - name: BASE_AERO_URL
value: https://sarex.contour.infra.sarex.tech value: https://srx.wb.ru
- name: BASE_AUTH_URL - name: BASE_AUTH_URL
value: http://backend-svc.django.svc.cluster.local:80 value: http://backend-svc.django.svc.cluster.local:8000
- name: WORKFLOWS_HOST - name: WORKFLOWS_HOST
value: http://backend-svc.workflow.svc.cluster.local:80 value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: WORKFLOWS_URL - name: WORKFLOWS_URL
value: http://backend-svc.workflow.svc.cluster.local:80 value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: RESOURCES_API_HOST - name: RESOURCES_API_HOST
value: http://backend-svc.resources.svc.cluster.local:80 value: http://resources-service.resources.svc.cluster.local:8000
- name: EAV_HOST - name: EAV_HOST
value: http://backend-svc.eav.svc.cluster.local:80 value: http://eav-service.eav.svc.cluster.local:8000
- name: SAREX_API - name: SAREX_API
value: https://sarex.contour.infra.sarex.tech value: https://srx.wb.ru
- name: DOCUMENTATIONS_URL - name: DOCUMENTATIONS_URL
value: http://documentations-api-svc.documentations.svc.cluster.local:80 value: http://documentations-api.documentations.svc.cluster.local:8080
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: API_ADDRESS - name: API_ADDRESS
value: "8000" value: "8000"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
volumeMounts: volumeMounts:
- name: production-configmap - name: production-configmap
mountPath: /src/config/settings/production.py mountPath: /src/config/settings/production.py

12
apps/issues/base/celery-deployment.yaml
View File

@ -106,27 +106,27 @@ spec:
- name: BASE_AERO_URL - name: BASE_AERO_URL
value: https://srx.wb.ru value: https://srx.wb.ru
- name: BASE_AUTH_URL - name: BASE_AUTH_URL
value: http://backend-svc.django.svc.cluster.local:80 value: http://backend-svc.django.svc.cluster.local:8000
- name: WORKFLOWS_HOST - name: WORKFLOWS_HOST
value: http://workflows-api-service.workflow.svc.cluster.local:8000 value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: WORKFLOWS_URL - name: WORKFLOWS_URL
value: http://workflows-api-service.workflow.svc.cluster.local:8000 value: http://workflows-api-service.workflow.svc.cluster.local:8000
- name: RESOURCES_API_HOST - name: RESOURCES_API_HOST
value: http://backend-svc.resources.svc.cluster.local:80 value: http://resources-service.resources.svc.cluster.local:8000
- name: EAV_HOST - name: EAV_HOST
value: http://backend-svc.eav.svc.cluster.local:80 value: http://eav-service.eav.svc.cluster.local:8000
- name: SAREX_API - name: SAREX_API
value: https://srx.wb.ru value: https://srx.wb.ru
- name: DOCUMENTATIONS_URL - name: DOCUMENTATIONS_URL
value: http://backend-api-svc.documentations.svc.cluster.local:80 value: http://documentations-api.documentations.svc.cluster.local:8080
- name: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE
value: config.settings.production value: config.settings.production
- name: API_ADDRESS - name: API_ADDRESS
value: "8000" value: "8000"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 1Gi
volumeMounts: volumeMounts:
- name: production-configmap - name: production-configmap
mountPath: /src/config/settings/production.py mountPath: /src/config/settings/production.py

2
apps/issues/base/frontend-deployment.yaml
View File

@ -26,7 +26,7 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
memory: 100Mi memory: 100Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

8
apps/issues/base/production-configmap.yaml
View File

@ -40,7 +40,7 @@ data:
DEBUG = False DEBUG = False
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
REVIEW_HOST='http://backend-svc.flows.svc.cluster.local:80' REVIEW_HOST='http://backend-service.flows.svc.cluster.local:8000'
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# EXTERNAL SERVICES END # EXTERNAL SERVICES END
@ -60,10 +60,6 @@ data:
USE_NOTIFICATIONS = True USE_NOTIFICATIONS = True
# JWT SETTINGS START # JWT SETTINGS START
if not os.environ.get("JWT_PRIVATE_KEY"):
os.environ["JWT_PRIVATE_KEY"] = _read_secret_file("/vault/secrets/django-jwt-private")
if not os.environ.get("JWT_PUBLIC_KEY"):
os.environ["JWT_PUBLIC_KEY"] = _read_secret_file("/vault/secrets/django-jwt-public")
# --------------------------------------------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------------------------------------------
SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer") SIMPLE_JWT_ISSUER = os.getenv("SIMPLE_JWT_ISSUER", default="default_issuer")
@ -126,7 +122,7 @@ data:
AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API) AERO_PUBLIC_HOST = os.getenv("AERO_PUBLIC_HOST", default=SAREX_API)
BASE_AERO_URL = "http://backend-svc.django.svc.cluster.local:80" BASE_AERO_URL = "http://backend-svc.django.svc.cluster.local:8000"
ENVIRONMENT = "production" ENVIRONMENT = "production"

262
apps/issues/brusnika-stage/backend.yaml
View File

@ -1,262 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: issues
namespace: issues
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/issues:production_f1b6c05c
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: issues
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: issues-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: uwsgi-configmap
mountPath:
_default: /opt/server/uwsgi.ini
subPath:
_default: uwsgi.ini
readOnly:
_default: true
configMap:
name:
_default: uwsgi-configmap
items:
- key: uwsgi.ini
path:
_default: uwsgi.ini
- name: production-configmap
mountPath:
_default: /src/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: production-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: ENVIRONMENT
value:
_default: "production"
- name: AERO_PUBLIC_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: AERO_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: BASE_AERO_URL
value:
_default: "https://test.sarex.brusnika.tech"
- name: BASE_AUTH_URL
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: WORKFLOWS_HOST
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000"
- name: WORKFLOWS_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000"
- name: RESOURCES_API_HOST
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: EAV_HOST
value:
_default: "http://eav-service.eav.svc.cluster.local:8000"
- name: SAREX_API
value:
_default: "https://test.sarex.brusnika.tech"
- name: DOCUMENTATIONS_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: DATABASE_HOST
value:
_default: "192.168.2.45"
- name: DATABASE_PORT
value:
_default: "5432"
- name: API_ADDRESS
value:
_default: "8000"
- name: RABBITMQ_HOSTNAME
value:
_default: "rabbitmq-service:5672"
secretEnvs:
- name: YC_S3_ACCESS_KEY_ID
secretName:
_default: "yc-s3-secret"
secretKey: "key_id"
- name: YC_S3_SECRET_ACCESS_KEY
secretName:
_default: "yc-s3-secret"
secretKey: "access_key"
- name: YC_S3_BUCKET_NAME
secretName:
_default: "yc-s3-secret"
secretKey: "storage_bucket_name"
- name: YC_S3_ENDPOINT_URL
secretName:
_default: "yc-s3-secret"
secretKey: "endpoint_url"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: SAREX_USERNAME
secretName:
_default: "sarex-auth"
secretKey: "username"
- name: SAREX_PASSWORD
secretName:
_default: "sarex-auth"
secretKey: "password"
- name: DATABASE_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DATABASE_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DATABASE_NAME
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: RABBITMQ_USERNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

273
apps/issues/brusnika-stage/celery.yaml
View File

@ -1,273 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: celery
namespace: issues
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/issues:production_f1b6c05c
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: celery
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
command:
_default:
- celery
- '-A'
- config
- worker
- '-l'
- info
- '-E'
- '--concurrency=2'
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: false
name:
_default: celery-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: uwsgi-configmap
mountPath:
_default: /opt/server/uwsgi.ini
subPath:
_default: uwsgi.ini
readOnly:
_default: true
configMap:
name:
_default: uwsgi-configmap
items:
- key: uwsgi.ini
path:
_default: uwsgi.ini
- name: production-configmap
mountPath:
_default: /src/config/settings/production.py
subPath:
_default: production.py
readOnly:
_default: true
configMap:
name:
_default: production-configmap
items:
- key: production.py
path:
_default: production.py
labels:
monitoring: prometheus
envs:
- name: ENVIRONMENT
value:
_default: "production"
- name: AERO_PUBLIC_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: AERO_HOST
value:
_default: "https://test.sarex.brusnika.tech"
- name: BASE_AERO_URL
value:
_default: "https://test.sarex.brusnika.tech"
- name: BASE_AUTH_URL
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: WORKFLOWS_HOST
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000"
- name: WORKFLOWS_URL
value:
_default: "http://workflows-api-service.workflow.svc.cluster.local:8000"
- name: RESOURCES_API_HOST
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: EAV_HOST
value:
_default: "http://eav-service.eav.svc.cluster.local:8000"
- name: SAREX_API
value:
_default: "https://test.sarex.brusnika.tech"
- name: DOCUMENTATIONS_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: DJANGO_SETTINGS_MODULE
value:
_default: "config.settings.production"
- name: DATABASE_HOST
value:
_default: "192.168.2.45"
- name: DATABASE_PORT
value:
_default: "5432"
- name: API_ADDRESS
value:
_default: "8000"
- name: RABBITMQ_HOSTNAME
value:
_default: "rabbitmq-service:5672"
secretEnvs:
- name: YC_S3_ACCESS_KEY_ID
secretName:
_default: "yc-s3-secret"
secretKey: "key_id"
- name: YC_S3_SECRET_ACCESS_KEY
secretName:
_default: "yc-s3-secret"
secretKey: "access_key"
- name: YC_S3_BUCKET_NAME
secretName:
_default: "yc-s3-secret"
secretKey: "storage_bucket_name"
- name: YC_S3_ENDPOINT_URL
secretName:
_default: "yc-s3-secret"
secretKey: "endpoint_url"
- name: DJANGO_BASIC_AUTH
secretName:
_default: "django-auth"
secretKey: "key"
- name: SAREX_USERNAME
secretName:
_default: "sarex-auth"
secretKey: "username"
- name: SAREX_PASSWORD
secretName:
_default: "sarex-auth"
secretKey: "password"
- name: DATABASE_USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: DATABASE_PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: DATABASE_NAME
secretName:
_default: "postgres-secret"
secretKey: "database"
- name: RABBITMQ_VHOST
secretName:
_default: "rabbitmq-secret"
secretKey: "vhost"
- name: RABBITMQ_USERNAME
secretName:
_default: "rabbitmq-secret"
secretKey: "username"
- name: RABBITMQ_PASSWORD
secretName:
_default: "rabbitmq-secret"
secretKey: "password"
- name: JWT_PRIVATE_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_private.key"
- name: JWT_PUBLIC_KEY
secretName:
_default: "backend-secret"
secretKey: "ssh_public.key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

93
apps/issues/brusnika-stage/frontend.yaml
View File

@ -1,93 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: static
namespace: issues
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:893c9953
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: static
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: static-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

8
apps/issues/brusnika-stage/kustomization.yaml
View File

@ -1,8 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: issues
resources:
- frontend.yaml
- backend.yaml
- celery.yaml

3
apps/issues/yc-k8s-test/postgresql.yaml
View File

@ -91,8 +91,7 @@ spec:
failureThreshold: 6 failureThreshold: 6
resources: resources:
requests: requests:
cpu: 50m memory: 512Mi
memory: 128Mi
nodeSelector: nodeSelector:
dedicated: db dedicated: db
tolerations: tolerations:

2
apps/mapper/base/deployment.yaml
View File

@ -99,7 +99,7 @@ spec:
value: "120" value: "120"
resources: resources:
requests: requests:
cpu: "25m" cpu: "1"
memory: 128Mi memory: 128Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

4
apps/mapper/base/service.yaml
View File

@ -2,13 +2,13 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: backend-svc name: backend-service
namespace: mapper namespace: mapper
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app: backend app: backend
ports: ports:
- port: 80 - port: 8000
targetPort: 8000 targetPort: 8000
protocol: TCP protocol: TCP

137
apps/mapper/brusnika-stage/helmrelease.yaml
View File

@ -1,137 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: mapper
namespace: mapper
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: backend
stage: mapper-backend
preprod: backend
production: backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
resources:
limits:
cpu:
_default: "2.0"
memory:
_default: 512Mi
requests:
cpu:
_default: "1.0"
memory:
_default: 128Mi
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: backend-service
stage: mapper-backend-service
preprod: backend-service
production: backend-service
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: dockerhub
labels:
monitoring: prometheus
envs:
- name: DOCUMENTATION_HOST
value:
_default: https://test.sarex.brusnika.tech/documentations/api/v1
- name: FLOW_HOST
value:
_default: https://test.sarex.brusnika.tech/flows/api/v1
- name: DJANGO_HOST
value:
_default: https://test.sarex.brusnika.tech/api
- name: NOTE_HOST
value:
_default: https://test.sarex.brusnika.tech/notes/api/v1
- name: REDIS_USE
value:
_default: "0"
- name: TIMEOUT
value:
_default: "120"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/mapper/brusnika-stage/kustomization.yaml
View File

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: mapper
resources:
- helmrelease.yaml

4
apps/measurements/base/deployment.yaml
View File

@ -49,7 +49,7 @@ spec:
value: "false" value: "false"
resources: resources:
requests: requests:
cpu: 25m cpu: 500m
memory: 128Mi memory: 512Mi
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred

Some files were not shown because too many files have changed in this diff Show More