From 0e8d765ed6f616a033348cfb8f6358f7ae73508f Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 5 Jun 2026 17:25:44 +0500 Subject: [PATCH 1/7] ++ --- apps/transmittal/brusnika-stage/backend.yaml | 379 +++++++++++++++++ apps/transmittal/brusnika-stage/frontend.yaml | 94 +++++ .../brusnika-stage/kustomization.yaml | 8 + apps/transmittal/brusnika-stage/worker.yaml | 387 ++++++++++++++++++ clusters/brusnika-stage/kustomization.yaml | 3 +- 5 files changed, 870 insertions(+), 1 deletion(-) create mode 100644 apps/transmittal/brusnika-stage/backend.yaml create mode 100644 apps/transmittal/brusnika-stage/frontend.yaml create mode 100644 apps/transmittal/brusnika-stage/kustomization.yaml create mode 100644 apps/transmittal/brusnika-stage/worker.yaml diff --git a/apps/transmittal/brusnika-stage/backend.yaml b/apps/transmittal/brusnika-stage/backend.yaml new file mode 100644 index 0000000..2451860 --- /dev/null +++ b/apps/transmittal/brusnika-stage/backend.yaml 
@@ -0,0 +1,379 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: transmittal + namespace: transmittal + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + backend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/transmittal-api:prod_d94cce67 + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: transmittal + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 8000 + + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: transmittal-service + + type: + _default: ClusterIP + + port: + _default: 80 + + targetPort: + _default: 8000 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + + labels: + monitoring: prometheus + envs: + - name: TRANSMITTAL_SERVICE_APP__NAME + value: + _default: "Transmittal Service" + + - name: TRANSMITTAL_SERVICE_APP__LOG_LEVEL + value: + _default: "ERROR" + + - name: TRANSMITTAL_SERVICE_APP__HOST + value: + _default: "https://test.sarex.brusnika.tech/transmittal" + + - name: TRANSMITTAL_SERVICE_APP__ENVIRONMENT + value: + _default: "prod" + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS + value: + _default: '["*"]' + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_METHODS + value: + _default: '["*"]' + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_HEADERS + value: + _default: '["*"]' + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS + value: + _default: "true" + + - name: TRANSMITTAL_SERVICE_UVICORN__HOST + value: + _default: "0.0.0.0" + + - name: TRANSMITTAL_SERVICE_UVICORN__PORT + value: + _default: "8000" + + - name: 
TRANSMITTAL_SERVICE_UVICORN__ENABLE_AUTO_RELOAD + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_OTEL__ENABLE + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_OTEL__HOST + value: + _default: "http://signoz-otel-collector-external.signoz.svc.cluster.local:4317" + + - name: TRANSMITTAL_SERVICE_OTEL__SERVICE_NAME + value: + _default: "backend.transmittals-prod" + + - name: TRANSMITTAL_SERVICE_OTEL__INSECURE + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_MODE + value: + _default: "verify-full" + + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_ROOT_CERT_PATH + value: + _default: "/opt/.postgresql/root.crt" + + - name: TRANSMITTAL_SERVICE_UVICORN__LOG_LEVEL + value: + _default: "info" + + - name: TRANSMITTAL_SERVICE_UVICORN__NUM_WORKERS + value: + _default: "2" + + - name: TRANSMITTAL_SERVICE_UVICORN__ROOT_PATH + value: + _default: "" + + - name: TRANSMITTAL_SERVICE_DATABASE__HOST + value: + _default: "192.168.2.45" + + - name: TRANSMITTAL_SERVICE_DATABASE__PORT + value: + _default: "5432" + + - name: TRANSMITTAL_SERVICE_DATABASE__NAME + value: + _default: "transmittal_db" + + - name: TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__VHOST + value: + _default: "api" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__HOST + value: + _default: "rabbitmq-service" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__PORT + value: + _default: "5672" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASE_URL + value: + _default: "http://backend.django.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__BASE_URL + value: + _default: 
"http://resources-service.resources.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__BASE_URL + value: + _default: "http://documentations-api.documentations.svc.cluster.local:8080" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__MAX_POOL_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__CONNECT_TIMEOUT + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__READ_TIMEOUT + value: + _default: "50" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__REGION_NAME + value: + _default: "ru-central1" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__VERIFY + value: + _default: "true" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__DEFAULT_BUCKET + value: + _default: "transmittal-storage" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ENDPOINT + value: + _default: "minio-service.minio.svc.cluster.local:9000" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__USE_SSL + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__BASE_URL + value: + _default: "http://export-project-service.django.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__TIMEOUT + value: + _default: "50" + + - name: 
TRANSMITTAL_SERVICE_MARKINGS__BASE_URL + value: + _default: "http://marks-service.documentations.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_MARKINGS__TIMEOUT + value: + _default: "50" + + - name: TRANSMITTAL_SERVICE_MAILGUN__BASE_URL + value: + _default: "https://api.mailgun.net/v3/mg.sarex.io" + + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_MAILGUN__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_MAILGUN__EMAIL + value: + _default: "hello@wb.io" + secretEnvs: + - name: TRANSMITTAL_SERVICE_DATABASE__USER + secretName: + _default: "postgres-secret" + secretKey: "username" + + - name: TRANSMITTAL_SERVICE_DATABASE__PASSWORD + secretName: + _default: "postgres-secret" + secretKey: "password" + + - name: TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY + secretName: + _default: "public-key" + secretKey: "key" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED + secretName: + _default: "django-auth" + secretKey: "key" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ACCESS_KEY + secretName: + _default: "s3-secret" + secretKey: "access_key" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__SECRET_KEY + secretName: + _default: "s3-secret" + secretKey: "secret_key" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__USER + secretName: + _default: "rabbitmq-cred" + secretKey: "username" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__PASSWORD + secretName: + _default: "rabbitmq-cred" + secretKey: "password" + + - name: TRANSMITTAL_SERVICE_MAILGUN__API_KEY + secretName: + _default: "mailgun-cred" + secretKey: "api_key" + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file 
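Review bot: In the `envs` list, `TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS` is `'["*"]'` while `TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS` is `"true"`. Depending on how the service's CORS middleware handles a wildcard together with credentials, this can let any origin make credentialed requests to the API. Naming the expected origin, e.g. `_default: '["https://test.sarex.brusnika.tech"]'` (derived from `TRANSMITTAL_SERVICE_APP__HOST`), removes that dependency. Separately, `TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL` is `"false"` although `SSL_MODE` is `"verify-full"` and a root certificate path is configured. If that flag gates TLS, traffic to `192.168.2.45` is unencrypted and the verify-full setting has no effect, so set it to `"true"` or drop the unused SSL variables; worker.yaml repeats both settings.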
diff --git a/apps/transmittal/brusnika-stage/frontend.yaml b/apps/transmittal/brusnika-stage/frontend.yaml new file mode 100644 index 0000000..1fe059a --- /dev/null +++ b/apps/transmittal/brusnika-stage/frontend.yaml @@ -0,0 +1,94 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: transmittal-frontend-static + namespace: transmittal + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + frontend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/transmittal-frontend:wb_e6600344 + + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: transmittal-frontend-static + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 80 + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: transmittal-frontend-static + + + type: + _default: ClusterIP + + port: + _default: 80 + + targetPort: + _default: 80 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + + + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file diff --git a/apps/transmittal/brusnika-stage/kustomization.yaml b/apps/transmittal/brusnika-stage/kustomization.yaml new file mode 100644 index 0000000..b00980f --- /dev/null +++ b/apps/transmittal/brusnika-stage/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: transmittal +resources: + - frontend.yaml + - backend.yaml + - worker.yaml 
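Review bot: `image.name` in frontend.yaml references `transmittal-frontend:wb_e6600344` by tag with `pullPolicy` `IfNotPresent`. If that tag is ever re-pushed, nodes with a cached copy keep the old content while fresh nodes pull the new one, and Git no longer records what actually runs. If the chart passes `image.name` through unchanged (not visible here), a digest reference such as `cr.yandex/crp3ccidau046kdj8g9q/transmittal-frontend@sha256:<digest-placeholder>` makes the deployed artifact immutable; otherwise confirm the registry enforces immutable tags. The same applies to `transmittal-api:prod_d94cce67` in backend.yaml and worker.yaml. Both probes are also disabled here, so the `remediation.retries` settings get no readiness signal from the pod.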
diff --git a/apps/transmittal/brusnika-stage/worker.yaml b/apps/transmittal/brusnika-stage/worker.yaml new file mode 100644 index 0000000..0a3bd50 --- /dev/null +++ b/apps/transmittal/brusnika-stage/worker.yaml 
@@ -0,0 +1,387 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: worker + namespace: transmittal + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + backend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/transmittal-api:prod_d94cce67 + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: worker + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 8000 + command: + _default: + - taskiq + - worker + - '--no-parse' + - transmittal_service.tasks.broker:broker + - transmittal_service.tasks.transmittal.tasks + - transmittal_service.tasks.email.tasks + + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: worker + + type: + _default: ClusterIP + + port: + _default: 80 + + targetPort: + _default: 8000 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + + labels: + monitoring: prometheus + envs: + - name: TRANSMITTAL_SERVICE_APP__NAME + value: + _default: "Transmittal Service" + + - name: TRANSMITTAL_SERVICE_APP__LOG_LEVEL + value: + _default: "ERROR" + + - name: TRANSMITTAL_SERVICE_APP__HOST + value: + _default: "https://test.sarex.brusnika.tech/transmittal" + + - name: TRANSMITTAL_SERVICE_APP__ENVIRONMENT + value: + _default: "prod" + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS + value: + _default: '["*"]' + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_METHODS + value: + _default: '["*"]' + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_HEADERS + value: + _default: '["*"]' + + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS + value: + 
_default: "true" + + - name: TRANSMITTAL_SERVICE_UVICORN__HOST + value: + _default: "0.0.0.0" + + - name: TRANSMITTAL_SERVICE_UVICORN__PORT + value: + _default: "8000" + + - name: TRANSMITTAL_SERVICE_UVICORN__ENABLE_AUTO_RELOAD + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_OTEL__ENABLE + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_OTEL__HOST + value: + _default: "http://signoz-otel-collector-external.signoz.svc.cluster.local:4317" + + - name: TRANSMITTAL_SERVICE_OTEL__SERVICE_NAME + value: + _default: "backend.transmittals-prod" + + - name: TRANSMITTAL_SERVICE_OTEL__INSECURE + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_MODE + value: + _default: "verify-full" + + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_ROOT_CERT_PATH + value: + _default: "/opt/.postgresql/root.crt" + + - name: TRANSMITTAL_SERVICE_UVICORN__LOG_LEVEL + value: + _default: "info" + + - name: TRANSMITTAL_SERVICE_UVICORN__NUM_WORKERS + value: + _default: "2" + + - name: TRANSMITTAL_SERVICE_UVICORN__ROOT_PATH + value: + _default: "" + + - name: TRANSMITTAL_SERVICE_DATABASE__HOST + value: + _default: "192.168.2.45" + + - name: TRANSMITTAL_SERVICE_DATABASE__PORT + value: + _default: "5432" + + - name: TRANSMITTAL_SERVICE_DATABASE__NAME + value: + _default: "transmittal_db" + + - name: TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__VHOST + value: + _default: "api" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__HOST + value: + _default: "rabbitmq-service" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__PORT + value: + _default: "5672" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASE_URL + value: + _default: "http://backend.django.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: 
TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__BASE_URL + value: + _default: "http://resources-service.resources.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__BASE_URL + value: + _default: "http://documentations-api.documentations.svc.cluster.local:8080" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__MAX_POOL_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__CONNECT_TIMEOUT + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__READ_TIMEOUT + value: + _default: "50" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__REGION_NAME + value: + _default: "ru-central1" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__VERIFY + value: + _default: "true" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__DEFAULT_BUCKET + value: + _default: "transmittal-storage" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ENDPOINT + value: + _default: "minio-service.minio.svc.cluster.local:9000" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__USE_SSL + value: + _default: "false" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__BASE_URL + value: + _default: "http://export-project-service.django.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_CONNECTIONS + value: + _default: "10" + + - name: 
TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__TIMEOUT + value: + _default: "50" + + - name: TRANSMITTAL_SERVICE_MARKINGS__BASE_URL + value: + _default: "http://marks-service.documentations.svc.cluster.local:8000" + + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_MARKINGS__TIMEOUT + value: + _default: "50" + + - name: TRANSMITTAL_SERVICE_MAILGUN__BASE_URL + value: + _default: "https://api.mailgun.net/v3/mg.sarex.io" + + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_CONNECTIONS + value: + _default: "10" + + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_KEEPALIVE_CONNECTIONS + value: + _default: "5" + + - name: TRANSMITTAL_SERVICE_MAILGUN__TIMEOUT + value: + _default: "15" + + - name: TRANSMITTAL_SERVICE_MAILGUN__EMAIL + value: + _default: "hello@wb.io" + secretEnvs: + - name: TRANSMITTAL_SERVICE_DATABASE__USER + secretName: + _default: "postgres-secret" + secretKey: "username" + + - name: TRANSMITTAL_SERVICE_DATABASE__PASSWORD + secretName: + _default: "postgres-secret" + secretKey: "password" + + - name: TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY + secretName: + _default: "public-key" + secretKey: "key" + + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED + secretName: + _default: "django-auth" + secretKey: "key" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ACCESS_KEY + secretName: + _default: "s3-secret" + secretKey: "access_key" + + - name: TRANSMITTAL_SERVICE_S3_CLIENT__SECRET_KEY + secretName: + _default: "s3-secret" + secretKey: "secret_key" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__USER + secretName: + _default: "rabbitmq-cred" + secretKey: "username" + + - name: TRANSMITTAL_SERVICE_RABBITMQ__PASSWORD + secretName: + _default: "rabbitmq-cred" + secretKey: "password" + + - name: 
TRANSMITTAL_SERVICE_MAILGUN__API_KEY + secretName: + _default: "mailgun-cred" + secretKey: "api_key" + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file diff --git a/clusters/brusnika-stage/kustomization.yaml b/clusters/brusnika-stage/kustomization.yaml index 86f082d..d67df90 100644 --- a/clusters/brusnika-stage/kustomization.yaml +++ b/clusters/brusnika-stage/kustomization.yaml @@ -24,4 +24,5 @@ resources: - ../../apps/bim/brusnika-stage - ../../apps/rfi/brusnika-stage - ../../apps/pm/brusnika-stage - - ../../apps/checklists/brusnika-stage \ No newline at end of file + - ../../apps/checklists/brusnika-stage + - ../../apps/transmittal/brusnika-stage \ No newline at end of file From 1337fd6d331bd7af1c7edb64f3694782db68b601 Mon Sep 17 00:00:00 2001 From: Kochetkov S Date: Fri, 5 Jun 2026 15:26:35 +0300 Subject: [PATCH 2/7] Fix Zitadel ingress certificate issuance --- .../infrastructure/patches/istio-config.yaml | 11 ++++------- .../infrastructure/patches/istio-config.yaml | 11 ++++------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/clusters/brusnika-prod/infrastructure/patches/istio-config.yaml b/clusters/brusnika-prod/infrastructure/patches/istio-config.yaml index 84b9d5c..74d8563 100644 --- a/clusters/brusnika-prod/infrastructure/patches/istio-config.yaml +++ b/clusters/brusnika-prod/infrastructure/patches/istio-config.yaml @@ -4,6 +4,10 @@ metadata: name: istio-config namespace: default spec: + install: + disableWait: true + upgrade: + disableWait: true values: global: env: brusnika-prod @@ -610,13 +614,6 @@ spec: gateways: - ingress-nginx/zitadel-gw routes: - - match: - - port: 80 - uri: - prefix: / - redirect: - scheme: https - redirectCode: 308 - path: prefix: / service: zitadel-idp-contour.zitadel.svc.cluster.local diff --git a/clusters/brusnika-stage/infrastructure/patches/istio-config.yaml b/clusters/brusnika-stage/infrastructure/patches/istio-config.yaml index 6a1bb47..1dd469b 100644 
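Review bot: The worker release keeps `service.enabled: true` with `targetPort` 8000 even though `command` replaces the entrypoint with `taskiq worker`, so the Service presumably points at a port nothing listens on. Setting `enabled: false` under `service:` would keep the worker off the cluster network surface. The `envs` and `secretEnvs` lists are a full copy of backend.yaml, so the worker also receives the CORS and uvicorn settings and every secret, including `TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY` and `TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED`. Trimming the list to what the task modules actually read would follow least privilege, though which variables they need is not visible in this hunk.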
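Review bot: `disableWait: true` under both `install` and `upgrade` in the brusnika-prod istio-config.yaml patch means Flux stops waiting for the rendered resources to become ready. A broken gateway or route change will then still be reported as a successful release. If the wait was only blocking on certificate issuance, a comment saying so, or a bounded `timeout` in place of disabling the wait, would keep that signal; the brusnika-stage copy of the file adds the same pair. The later hunk in this file removes the port-80 `redirect` to `https` ahead of the Zitadel `path: prefix: /` route. Unless HTTPS is enforced elsewhere on the gateway, plain-HTTP requests to the identity provider are now routed to the service, so consider limiting the HTTP exception to `/.well-known/acme-challenge/`.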
--- a/clusters/brusnika-stage/infrastructure/patches/istio-config.yaml +++ b/clusters/brusnika-stage/infrastructure/patches/istio-config.yaml @@ -4,6 +4,10 @@ metadata: name: istio-config namespace: default spec: + install: + disableWait: true + upgrade: + disableWait: true values: global: env: brusnika-stage @@ -555,13 +559,6 @@ spec: gateways: - ingress-nginx/zitadel-gw routes: - - match: - - port: 80 - uri: - prefix: / - redirect: - scheme: https - redirectCode: 308 - path: prefix: / service: zitadel-idp-contour.zitadel.svc.cluster.local From 739bde60acaafed9b2b5a2cfbb8f73c94ae0ae04 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 5 Jun 2026 17:31:35 +0500 Subject: [PATCH 3/7] ++ --- apps/workspaces/brusnika-stage/frontend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/workspaces/brusnika-stage/frontend.yaml b/apps/workspaces/brusnika-stage/frontend.yaml index d2921c1..9fd335a 100644 --- a/apps/workspaces/brusnika-stage/frontend.yaml +++ b/apps/workspaces/brusnika-stage/frontend.yaml @@ -35,7 +35,7 @@ spec: image: name: - _default: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_8e96aa59 + _default: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_8b87e5b0 pullPolicy: _default: IfNotPresent From 810de9ac092355bcf63918dc91603929e6d3cc69 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 5 Jun 2026 17:35:56 +0500 Subject: [PATCH 4/7] ++ --- apps/processing/brusnika-stage/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/processing/brusnika-stage/api.yaml b/apps/processing/brusnika-stage/api.yaml index b73a0b4..1d5d8b9 100644 --- a/apps/processing/brusnika-stage/api.yaml +++ b/apps/processing/brusnika-stage/api.yaml @@ -73,7 +73,7 @@ spec: _default: 8000 targetPort: - _default: 8000 + _default: 8080 portName: _default: http From 4e0564ed955bd9b00e1f7ab399cf7843333829b6 Mon Sep 17 00:00:00 2001 
From: ivan Date: Fri, 5 Jun 2026 17:42:00 +0500 Subject: [PATCH 5/7] ++ --- apps/processing/brusnika-stage/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/processing/brusnika-stage/api.yaml b/apps/processing/brusnika-stage/api.yaml index 1d5d8b9..571e9d5 100644 --- a/apps/processing/brusnika-stage/api.yaml +++ b/apps/processing/brusnika-stage/api.yaml @@ -52,7 +52,7 @@ spec: production: 3 port: - _default: 8000 + _default: 8080 probes: liveness: From 977cf65828eb4d9f494dcb789dcc56b054bc5359 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 5 Jun 2026 17:45:26 +0500 Subject: [PATCH 6/7] ++ --- apps/processing/brusnika-stage/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/processing/brusnika-stage/api.yaml b/apps/processing/brusnika-stage/api.yaml index 571e9d5..0396174 100644 --- a/apps/processing/brusnika-stage/api.yaml +++ b/apps/processing/brusnika-stage/api.yaml @@ -35,7 +35,7 @@ spec: image: name: - _default: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_ee75fda9 + _default: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_e963403f pullPolicy: _default: IfNotPresent From 8ba3088cbfe4408ca2cd7d8d08f936cf6351121a Mon Sep 17 00:00:00 2001 From: Kochetkov S Date: Fri, 5 Jun 2026 15:49:34 +0300 Subject: [PATCH 7/7] Use Istio HTTP solver for Zitadel certificates --- .../clusterissuer-letsencrypt.yaml | 20 +++++++++++++++++++ .../infrastructure/kustomization.yaml | 1 + .../clusterissuer-letsencrypt.yaml | 20 +++++++++++++++++++ .../infrastructure/kustomization.yaml | 1 + 4 files changed, 42 insertions(+) create mode 100644 clusters/brusnika-prod/infrastructure/clusterissuer-letsencrypt.yaml create mode 100644 clusters/brusnika-stage/infrastructure/clusterissuer-letsencrypt.yaml diff --git a/clusters/brusnika-prod/infrastructure/clusterissuer-letsencrypt.yaml b/clusters/brusnika-prod/infrastructure/clusterissuer-letsencrypt.yaml new file mode 100644 index 0000000..82b34bb --- /dev/null 
+++ b/clusters/brusnika-prod/infrastructure/clusterissuer-letsencrypt.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + email: emelin.d@sarex.io + privateKeySecretRef: + name: letsencrypt + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - selector: + dnsNames: + - zitadel.brusnika.onprem.sarex.io + http01: + ingress: + class: istio + - http01: + ingress: + class: nginx diff --git a/clusters/brusnika-prod/infrastructure/kustomization.yaml b/clusters/brusnika-prod/infrastructure/kustomization.yaml index 494c6e1..78aa2c0 100644 --- a/clusters/brusnika-prod/infrastructure/kustomization.yaml +++ b/clusters/brusnika-prod/infrastructure/kustomization.yaml @@ -8,6 +8,7 @@ resources: - ../../../infrastructure/vault - ../../../infrastructure/zitadel - ./vault-ingress.yaml + - ./clusterissuer-letsencrypt.yaml patches: - path: ./patches/istio-gateway.yaml target: diff --git a/clusters/brusnika-stage/infrastructure/clusterissuer-letsencrypt.yaml b/clusters/brusnika-stage/infrastructure/clusterissuer-letsencrypt.yaml new file mode 100644 index 0000000..91712f5 --- /dev/null +++ b/clusters/brusnika-stage/infrastructure/clusterissuer-letsencrypt.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + email: emelin.d@sarex.io + privateKeySecretRef: + name: letsencrypt + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - selector: + dnsNames: + - zitadel.test.sarex.brusnika.tech + http01: + ingress: + class: istio + - http01: + ingress: + class: nginx diff --git a/clusters/brusnika-stage/infrastructure/kustomization.yaml b/clusters/brusnika-stage/infrastructure/kustomization.yaml index a8a4131..a8be92d 100644 --- a/clusters/brusnika-stage/infrastructure/kustomization.yaml +++ b/clusters/brusnika-stage/infrastructure/kustomization.yaml 
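Review bot: The `solvers` list in clusterissuer-letsencrypt.yaml relies on cert-manager preferring the entry whose `selector` matches the requested name and treating the selector-less `nginx` entry as the catch-all, but the file does not say so. A comment above the first solver, e.g. `# Zitadel is exposed through Istio, so its HTTP-01 challenge must use the istio ingress class; all other names fall through to nginx`, would keep a later edit from dropping the selector. Because a ClusterIssuer is cluster-scoped, it is also worth confirming that no other kustomization already defines `letsencrypt`, otherwise two sources will reconcile the same object. The brusnika-stage copy differs only in the DNS name and would take the same comment.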
@@ -9,6 +9,7 @@ resources: - ../../../infrastructure/zitadel - ./lb-service-override.yaml - ./vault-ingress.yaml + - ./clusterissuer-letsencrypt.yaml patches: - path: ./patches/istio-gateway.yaml target: