diff --git a/apps/bim/yc-k8s-test/postgresql.yaml b/apps/bim/yc-k8s-test/postgresql.yaml
index bb424a6..0b8eea0 100644
--- a/apps/bim/yc-k8s-test/postgresql.yaml
+++ b/apps/bim/yc-k8s-test/postgresql.yaml
@@ -44,7 +44,7 @@ spec:
 image:
 registry: cr.yandex/crp3ccidau046kdj8g9q
 repository: contour/postgresql
- tag: 17.0.2
+ tag: 13.0.7
 pullPolicy: Always
 metrics:
 enabled: false
diff --git a/apps/processing/base/api-deployment.yaml b/apps/processing/base/api-deployment.yaml
new file mode 100644
index 0000000..4c0fe72
--- /dev/null
+++ b/apps/processing/base/api-deployment.yaml
@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: workflows-api
+ namespace: processing
+ labels:
+ app: workflows-api
+ service: workflows-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: workflows-api
+ template:
+ metadata:
+ labels:
+ app: workflows-api
+ service: workflows-api
+ spec:
+ volumes:
+ defaultMode: 420
+ containers:
+ - name: workflows-api
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_9ae8865a
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: POSTGRES_POOL_SIZE
+ value: "3"
+ - name: HTTP_HOST
+ value: 0.0.0.0:8080
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3/yc-s3-service-account.json
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: POSTGRES_SSL_USE
+ value: "0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/api-service.yaml b/apps/processing/base/api-service.yaml
new file mode 100644
index 0000000..6b29d65
--- /dev/null
+++ b/apps/processing/base/api-service.yaml
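Review bot: In api-deployment.yaml, `volumes:` is followed by a bare `defaultMode: 420` instead of a list of volumes, and the container has no `volumeMounts`, so the credential file that `S3_SERVICE_ACCOUNT` points at (`/etc/sarex/yc-s3/yc-s3-service-account.json`) is never mounted and the manifest is likely to be rejected at validation. Declare the secret volume explicitly and mount it read-only, with a tighter mode than 420 (0644), as sketched below; the secret name is taken from engine-low.yaml and should be confirmed. `containerPort` is 8000 while `HTTP_HOST` is `0.0.0.0:8080`, and `POSTGRES_SSL_USE` is "0", so confirm the listening port and that database traffic is protected some other way (the namespace enables Istio injection, which may cover it). None of the four Deployments added in this commit (workflows-api, engine-low, engine, frontend) sets a `securityContext` or resource `limits`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be a reasonable baseline.

```yaml
      volumes:
        - name: yc-s3
          secret:
            secretName: yc-s3   # as used in engine-low.yaml; confirm
            defaultMode: 256    # 0400; use 288 (0440) plus fsGroup if the process is not root
      containers:
        - name: workflows-api
          # … unchanged: image, ports, env, resources …
          volumeMounts:
            - name: yc-s3
              mountPath: /etc/sarex/yc-s3
              readOnly: true
```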
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-svc
+ namespace: processing
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/processing/base/engine-low.yaml b/apps/processing/base/engine-low.yaml
new file mode 100644
index 0000000..beaf971
--- /dev/null
+++ b/apps/processing/base/engine-low.yaml
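Review bot: The `backend-svc` Service in api-service.yaml selects `app: backend`, but the only API Deployment added in this commit labels its pods `app: workflows-api`, so the Service will have no endpoints. A selector that matches nothing today would also start routing to any later pod in the namespace that happens to carry `app: backend`. If the Service is meant to front workflows-api, change the selector to `app: workflows-api`. `targetPort: 8000` matches that Deployment's `containerPort`, but its `HTTP_HOST` is `0.0.0.0:8080`, so the listening port needs confirming as well.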
@@ -0,0 +1,243 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: engine-low
+ namespace: processing
+ labels:
+ app: engine-low
+ service: engine-low
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: engine-low
+ template:
+ metadata:
+ labels:
+ app: engine-low
+ service: engine-low
+ spec:
+ volumes:
+ - name: yc-s3
+ secret:
+ defaultMode: 420
+ secretName: yc-s3
+ - name: django-auth
+ secret:
+ defaultMode: 420
+ secretName: django-auth
+ - name: smtp-secret
+ secret:
+ defaultMode: 420
+ secretName: smtp-secret
+ containers:
+ - name: engine-low
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda
+ imagePullPolicy: IfNotPresent
+
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ENVIRONMENT
+ value: prod
+ - name: WORKFLOWS_SENTRY_DSN
+ value: https://866b532efdbb4764a7551b76231232fc@o279218.ingest.sentry.io/543123
+ - name: WORKFLOWS_SENTRY_DEBUG
+ value: "0"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3/yc-s3-service-account.json
+ - name: RABBITMQ_HOST
+ valueFrom:
+ secretKeyRef:
+ key: host
+ name: rabbitmq-secret
+ - name: RABBITMQ_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: rabbitmq-secret
+ - name: RABBITMQ_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: rabbitmq-secret
+ - name: RABBITMQ_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: rabbitmq-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: BIM_API_V2_DB
+ value: /etc/sarex/bim-api-v2-db-prod.json
+ - name: PDM_API_DB
+ value: /etc/pdm/pdm-api-db-prod.json
+ - name: WORKSPACE_API_DB
+ value: /etc/ws/ws-api-db-prod.json
+ - name: ISSUE_API_DB
+ value: /etc/issues/issue-api-db-prod.json
+ - name: MAILGUN
+ value: /etc/mailgun-secret/env.json
+ - name: SMTP
+ value: /etc/smtp-secret/smtp.json
+ - name: INTERNAL_PDM_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: INTERNAL_FILESTREAM_URL
+ value: http://documentations-filestream.documentations.svc.cluster.local:8080
+ - name: EXTERNAL_PDM_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: EXTERNAL_FILESTREAM_URL
+ value: http://documentations-filestream-service.documentations.svc.cluster.local:8080
+ - name: RESOURCES_API_INTERNAL_HOST
+ value: http://resources-service.resources.svc.cluster.local:8000
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_S3_STORAGE
+ value: "1"
+ - name: ENABLE_S3V2_STORAGE
+ value: "1"
+ - name: ENABLE_PDM_STORAGE
+ value: "1"
+ - name: ENABLE_SMTP
+ value: "1"
+ - name: ENABLE_URL_STORAGE
+ value: "1"
+ - name: ENABLE_SRX_TMP
+ value: "1"
+ - name: ENABLE_BIM_API_V2_DB
+ value: "1"
+ - name: ENABLE_WORKSPACE_API_DB
+ value: "1"
+ - name: ENABLE_ISSUE_API_DB
+ value: "1"
+ - name: ENABLE_RESOURCES_API
+ value: "1"
+ - name: ENABLE_PDM_API_DB
+ value: "1"
+ - name: ENABLE_COMPARISONS_API_DB
+ value: "1"
+ - name: ENABLE_MAIL_GUN
+ value: "1"
+ - name: ENABLE_AMQP_EXECUTOR
+ value: "0"
+ - name: ENABLE_KUBERNETES_EXECUTOR
+ value: "1"
+ - name: MAX_WORKFLOWS_LIMIT
+ value: "5"
+ - name: CPU_COUNT
+ value: "1"
+ - name: MEMORY_GI
+ value: "1"
+ - name: CPU_COUNT_LOW_RESOURCES
+ value: "1"
+ - name: MEMORY_GI_LOW_RESOURCES
+ value: "1"
+ - name: CPU_COUNT_HIGH_MEM
+ value: "1"
+ - name: MEMORY_GI_HIGH_MEM
+ value: "1"
+ - name: ENABLE_TOLERATION
+ value: "1"
+ - name: COUNT_RUNNING_WORKERS
+ value: "1"
+ - name: COUNT_CANCELING_WORKERS
+ value: "1"
+ - name: COUNT_HANDLE_JOB_WORKERS
+ value: "1"
+ - name: BIM_API_DEBUG
+ value: "0"
+ - name: BIM_API_V2_DEBUG
+ value: "0"
+ - name: PDM_API_DEBUG
+ value: "0"
+ - name: COMPARISONS_API_DEBUG
+ value: "0"
+ - name: WORKSPACE_API_DEBUG
+ value: "0"
+ - name: JOBS_NAMESPACE
+ value: workflow
+ - name: ISSUE_API_DEBUG
+ value: "0"
+ - name: TOLERATION_KEY
+ value: dedicated
+ - name: TOLERATION_VALUE
+ value: processing-light
+ - name: TOLERATION_KEY_HIGH_MEM
+ value: dedicated
+ - name: TOLERATION_VALUE_HIGH_MEM
+ value: processing-light
+ - name: TOLERATION_KEY_PERSISTENT
+ value: dedicated
+ - name: TOLERATION_VALUE_PERSISTENT
+ value: processing-light
+ - name: RABBITMQ_CREATE_EXCHANGE
+ value: autodesk.inputMessage
+ - name: RABBITMQ_CANCEL_EXCHANGE
+ value: autodesk.cancelMessage
+ - name: RABBITMQ_CREATE_ROUTING_KEY
+ value: converting
+ - name: RABBITMQ_CANCEL_TOPIC
+ value: cancel
+ - name: RABBITMQ_COMPLETENESS_EXCHANGE
+ value: autodesk.outputMessage
+ - name: RABBITMQ_COMPLETENESS_TOPIC
+ value: output_navis
+ - name: CONTROL_PLANE_PERIOD
+ value: 10s
+ - name: WORKFLOW_PRIORITY
+ value: low
+ - name: ENABLE_TOLERATION
+ value: "1"
+ - name: DEFAULT_TOLERATION_KEY
+ value: dedicated
+ - name: DEFAULT_TOLERATION_VALUE
+ value: processing-light
+ - name: DEFAULT_NODE_SELECTOR_KEY
+ value: dedicated
+ - name: DEFAULT_NODE_SELECTOR_VALUE
+ value: processing-light
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/engine.yaml b/apps/processing/base/engine.yaml
new file mode 100644
index 0000000..30d4639
--- /dev/null
+++ b/apps/processing/base/engine.yaml
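Review bot: In engine-low.yaml, `WORKFLOWS_SENTRY_DSN` is committed as a literal value, key included, while every other credential in this `env` list comes from a `secretKeyRef`; source it from a Secret as sketched below and consider rotating the DSN, since it is now in git history. The pod declares the `yc-s3`, `django-auth` and `smtp-secret` volumes but the container has no `volumeMounts`, so the files named by `S3_SERVICE_ACCOUNT`, `SMTP`, `MAILGUN` and the `*_API_DB` variables will not exist in the container, and `defaultMode: 420` (0644) is wider than credential files need once they are mounted. `ENABLE_KUBERNETES_EXECUTOR` is "1" with `JOBS_NAMESPACE: workflow`, yet no `serviceAccountName` is set, so the pod runs as the namespace's default service account; a dedicated account bound to a Role limited to what the executor needs in that namespace would be the least-privilege choice. `ENABLE_TOLERATION` appears twice in `env`, and `ENVIRONMENT: prod` sits in a base that the yc-k8s-test overlay consumes unpatched. The same points apply to engine.yaml, which carries the same volumes and env list.

```yaml
            - name: WORKFLOWS_SENTRY_DSN
              valueFrom:
                secretKeyRef:
                  name: sentry-secret   # placeholder: Secret to be created
                  key: dsn              # placeholder key
```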
@@ -0,0 +1,240 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: engine
+ namespace: processing
+ labels:
+ app: engine
+ service: engine
+ replicas: 1
+ selector:
+ matchLabels:
+ app: engine
+ template:
+ metadata:
+ labels:
+ app: engine
+ service: engine
+ spec:
+ volumes:
+ - name: yc-s3
+ secret:
+ defaultMode: 420
+ secretName: yc-s3
+ - name: django-auth
+ secret:
+ defaultMode: 420
+ secretName: django-auth
+ - name: smtp-secret
+ secret:
+ defaultMode: 420
+ secretName: smtp-secret
+ containers:
+ - name: engine
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-engine:prod_b6e15fda
+ imagePullPolicy: IfNotPresent
+
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ENVIRONMENT
+ value: prod
+ - name: WORKFLOWS_SENTRY_DSN
+ value: https://866b532efdbb4764a7551b76231232fc@o279218.ingest.sentry.io/543123
+ - name: WORKFLOWS_SENTRY_DEBUG
+ value: "0"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3/yc-s3-service-account.json
+ - name: RABBITMQ_HOST
+ valueFrom:
+ secretKeyRef:
+ key: host
+ name: rabbitmq-secret
+ - name: RABBITMQ_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: rabbitmq-secret
+ - name: RABBITMQ_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: rabbitmq-secret
+ - name: RABBITMQ_PASS
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: rabbitmq-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: BIM_API_V2_DB
+ value: /etc/sarex/bim-api-v2-db-prod.json
+ - name: PDM_API_DB
+ value: /etc/pdm/pdm-api-db-prod.json
+ - name: WORKSPACE_API_DB
+ value: /etc/ws/ws-api-db-prod.json
+ - name: ISSUE_API_DB
+ value: /etc/issues/issue-api-db-prod.json
+ - name: MAILGUN
+ value: /etc/mailgun-secret/env.json
+ - name: SMTP
+ value: /etc/smtp-secret/smtp.json
+ - name: INTERNAL_PDM_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: INTERNAL_FILESTREAM_URL
+ value: http://documentations-filestream.documentations.svc.cluster.local:8080
+ - name: EXTERNAL_PDM_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: EXTERNAL_FILESTREAM_URL
+ value: http://documentations-filestream-service.documentations.svc.cluster.local:8080
+ - name: RESOURCES_API_INTERNAL_HOST
+ value: http://resources-service.resources.svc.cluster.local:8000
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_S3_STORAGE
+ value: "1"
+ - name: ENABLE_S3V2_STORAGE
+ value: "1"
+ - name: ENABLE_PDM_STORAGE
+ value: "1"
+ - name: ENABLE_SMTP
+ value: "1"
+ - name: ENABLE_URL_STORAGE
+ value: "1"
+ - name: ENABLE_SRX_TMP
+ value: "1"
+ - name: ENABLE_BIM_API_V2_DB
+ value: "1"
+ - name: ENABLE_WORKSPACE_API_DB
+ value: "1"
+ - name: ENABLE_ISSUE_API_DB
+ value: "1"
+ - name: ENABLE_RESOURCES_API
+ value: "1"
+ - name: ENABLE_PDM_API_DB
+ value: "1"
+ - name: ENABLE_COMPARISONS_API_DB
+ value: "1"
+ - name: ENABLE_MAIL_GUN
+ value: "1"
+ - name: ENABLE_AMQP_EXECUTOR
+ value: "0"
+ - name: ENABLE_KUBERNETES_EXECUTOR
+ value: "1"
+ - name: MAX_WORKFLOWS_LIMIT
+ value: "5"
+ - name: CPU_COUNT
+ value: "1"
+ - name: MEMORY_GI
+ value: "1"
+ - name: CPU_COUNT_LOW_RESOURCES
+ value: "1"
+ - name: MEMORY_GI_LOW_RESOURCES
+ value: "1"
+ - name: CPU_COUNT_HIGH_MEM
+ value: "1"
+ - name: MEMORY_GI_HIGH_MEM
+ value: "1"
+ - name: ENABLE_TOLERATION
+ value: "1"
+ - name: COUNT_RUNNING_WORKERS
+ value: "1"
+ - name: COUNT_CANCELING_WORKERS
+ value: "1"
+ - name: COUNT_HANDLE_JOB_WORKERS
+ value: "1"
+ - name: BIM_API_DEBUG
+ value: "0"
+ - name: BIM_API_V2_DEBUG
+ value: "0"
+ - name: PDM_API_DEBUG
+ value: "0"
+ - name: COMPARISONS_API_DEBUG
+ value: "0"
+ - name: WORKSPACE_API_DEBUG
+ value: "0"
+ - name: JOBS_NAMESPACE
+ value: workflow
+ - name: ISSUE_API_DEBUG
+ value: "0"
+ - name: TOLERATION_KEY
+ value: dedicated
+ - name: TOLERATION_VALUE
+ value: processing-light
+ - name: TOLERATION_KEY_HIGH_MEM
+ value: dedicated
+ - name: TOLERATION_VALUE_HIGH_MEM
+ value: processing-light
+ - name: TOLERATION_KEY_PERSISTENT
+ value: dedicated
+ - name: TOLERATION_VALUE_PERSISTENT
+ value: processing-light
+ - name: RABBITMQ_CREATE_EXCHANGE
+ value: autodesk.inputMessage
+ - name: RABBITMQ_CANCEL_EXCHANGE
+ value: autodesk.cancelMessage
+ - name: RABBITMQ_CREATE_ROUTING_KEY
+ value: converting
+ - name: RABBITMQ_CANCEL_TOPIC
+ value: cancel
+ - name: RABBITMQ_COMPLETENESS_EXCHANGE
+ value: autodesk.outputMessage
+ - name: RABBITMQ_COMPLETENESS_TOPIC
+ value: output_navis
+ - name: CONTROL_PLANE_PERIOD
+ value: 10s
+ - name: ENABLE_TOLERATION
+ value: "1"
+ - name: DEFAULT_TOLERATION_KEY
+ value: dedicated
+ - name: DEFAULT_TOLERATION_VALUE
+ value: processing-light
+ - name: DEFAULT_NODE_SELECTOR_KEY
+ value: dedicated
+ - name: DEFAULT_NODE_SELECTOR_VALUE
+ value: processing-light
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/frontend-deployment.yaml b/apps/processing/base/frontend-deployment.yaml
new file mode 100644
index 0000000..0ec40a1
--- /dev/null
+++ b/apps/processing/base/frontend-deployment.yaml
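Review bot: In engine.yaml the top-level `spec:` key is missing between the `service: engine` label and `replicas: 1` (engine-low.yaml has it at that position, and this file is three lines shorter), so `replicas`, `selector` and `template` do not sit under the Deployment spec and the object should fail validation. Add a `spec:` line at column 0 after the labels and check the indentation of what follows, which is not visible in this rendering. The file also has no `WORKFLOW_PRIORITY` entry, which engine-low.yaml sets to `low`; confirm the engine's default is the intended value here.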
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: processing
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/workflows-frontend:wb_ebc15427
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/processing/base/frontend-service.yaml b/apps/processing/base/frontend-service.yaml
new file mode 100644
index 0000000..024ea55
--- /dev/null
+++ b/apps/processing/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: processing
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/processing/base/kustomization.yaml b/apps/processing/base/kustomization.yaml
new file mode 100644
index 0000000..aeeb0d0
--- /dev/null
+++ b/apps/processing/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: processing
+resources:
+ - namespace.yaml
+ - api-deployment.yaml
+ - engine-low.yaml
+ - engine.yaml
+ - frontend-deployment.yaml
+ - api-service.yaml
+ - frontend-service.yaml
diff --git a/apps/processing/base/namespace.yaml b/apps/processing/base/namespace.yaml
new file mode 100644
index 0000000..2068fd3
--- /dev/null
+++ b/apps/processing/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: processing
+ labels:
+ istio-injection: enabled
diff --git a/apps/processing/yc-k8s-test/kustomization.yaml b/apps/processing/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/processing/yc-k8s-test/kustomization.yaml
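Review bot: The frontend container in frontend-deployment.yaml listens on `containerPort: 80` and the pod sets no `securityContext`, so the image presumably has to run as root (or hold `NET_BIND_SERVICE`) to bind that port. Serving on an unprivileged port such as 8080 and pointing `targetPort` in frontend-service.yaml at it would let the pod run with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The image tag `wb_ebc15427` does not follow the `prod_` prefix used by the other images in this commit, and like them it is a mutable tag pulled with `IfNotPresent`; confirm it is the intended build and consider pinning by digest.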
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/processing/yc-k8s-test/postgresql.yaml b/apps/processing/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..0483f00
--- /dev/null
+++ b/apps/processing/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,111 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: processing
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements"
+ databases:
+ - name: workflow_db
+ user: workflow
+ extensions:
+ - uuid-ossp
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index b48b739..f284992 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -34,4 +34,5 @@ resources:
 - ../../apps/issues/yc-k8s-test
 - ../../apps/documentations/yc-k8s-test
 - ../../apps/bim/yc-k8s-test
- - ../../apps/django/yc-k8s-test
\ No newline at end of file
+ - ../../apps/django/yc-k8s-test
+ - ../../apps/processing/yc-k8s-test
\ No newline at end of file
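Review bot: In apps/processing/yc-k8s-test/postgresql.yaml, `primary.containerSecurityContext.readOnlyRootFilesystem: false` turns off the read-only root filesystem for the database container with no comment explaining why; if the custom image only needs a few writable paths, mounting `emptyDir` volumes for those would keep the hardening in place. `global.security.allowInsecureImages: true` presumably relaxes the chart's image check as well, and the image is referenced by a mutable tag with `pullPolicy: Always`, so what runs depends on whatever the registry serves for `17.0.2`; pinning the digest would close that. The `auth:` block appears twice in `values`, once directly after `postgresql:` and again after it; indentation is not visible here, so confirm which one the chart reads and drop the other. The three probes hard-code the user `sarex` while `auth.username` and `contour.adminUser` are empty strings, so confirm these agree with the credentials the chart actually creates.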