sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify PM app backend and Celery deployments: remove unused environment variables, streamline secret references, and set default values for configuration.

Browse Source
This commit is contained in:
emelinda 2026-04-17 16:40:38 +03:00
parent addd56ca74
commit 8d2a5e62ef
2 changed files with 134 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

209
apps/pm/base/backend-deployment.yaml
View File

@ -35,24 +35,6 @@ spec:
containerPort: 8000 containerPort: 8000
protocol: TCP protocol: TCP
env: env:
- name: K8S_POD_UID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.uid
- name: K8S_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: K8S_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: OTEL_RESOURCE_ATTRIBUTES
value: >-
k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE)
- name: USERS_INTERNAL_HOST - name: USERS_INTERNAL_HOST
value: http://backend-service.sarex.svc.cluster.local:8000 value: http://backend-service.sarex.svc.cluster.local:8000
- name: CELERY_REDIS_HOST - name: CELERY_REDIS_HOST
@ -65,10 +47,8 @@ spec:
value: /api/v0 value: /api/v0
- name: EAV_API_PREFIX_V1 - name: EAV_API_PREFIX_V1
value: /api/v1 value: /api/v1
- name: TRACING_ENDPOINT
value: signoz-otel-collector-external.signoz.svc.cluster.local:4317
- name: TRACING_INSECURE - name: TRACING_INSECURE
value: "True" value: "False"
- name: SERVER_ENABLE_SYNC_RESOURCES - name: SERVER_ENABLE_SYNC_RESOURCES
value: "True" value: "True"
- name: SERVER_DELETED_TASK_MAX_AGE_DAYS - name: SERVER_DELETED_TASK_MAX_AGE_DAYS
@ -100,7 +80,7 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgresql-secrets name: postgresql-secrets
key: host key: hostname
- name: DB_PORT - name: DB_PORT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -109,160 +89,127 @@ spec:
- name: S3_HOST - name: S3_HOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: host key: endpoint
- name: S3_LOGIN - name: S3_LOGIN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: login key: login
- name: S3_PASSWORD - name: S3_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: password key: password
- name: S3_BUCKET - name: S3_BUCKET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: bucket key: bucket
- name: CACHE_HOST
valueFrom: # - name: CACHE_HOST
secretKeyRef: # valueFrom:
name: cache-secret-pm # secretKeyRef:
key: host # name: cache-secret-pm
- name: CACHE_PORT # key: host
valueFrom: # - name: CACHE_PORT
secretKeyRef: # valueFrom:
name: cache-secret-pm # secretKeyRef:
key: port # name: cache-secret-pm
- name: CACHE_PASSWORD # key: port
valueFrom: # - name: CACHE_PASSWORD
secretKeyRef: # valueFrom:
name: cache-secret-pm # secretKeyRef:
key: password # name: cache-secret-pm
# key: password
- name: CACHE_SSL - name: CACHE_SSL
valueFrom: value: "False"
secretKeyRef:
name: cache-secret-pm
key: ssl
- name: CACHE_SSL_CA_CERTS - name: CACHE_SSL_CA_CERTS
valueFrom: value: ""
secretKeyRef:
name: cache-secret-pm
key: ssl_ca_certs
- name: CACHE_ENABLE - name: CACHE_ENABLE
valueFrom: value: "False"
secretKeyRef:
name: cache-secret-pm
key: enable
- name: CLICKHOUSE_ENABLE - name: CLICKHOUSE_ENABLE
value: 'False' value: 'False'
- name: KAFKA_ENABLE - name: KAFKA_ENABLE
valueFrom: value: 'False'
secretKeyRef: # - name: KAFKA_BOOTSTRAP_SERVERS
name: ya-kafka-secret-pm # valueFrom:
key: enable # secretKeyRef:
- name: KAFKA_BOOTSTRAP_SERVERS # name: ya-kafka-secret-pm
valueFrom: # key: bootstrap_servers
secretKeyRef: # - name: KAFKA_SECURITY_PROTOCOL
name: ya-kafka-secret-pm # valueFrom:
key: bootstrap_servers # secretKeyRef:
- name: KAFKA_SECURITY_PROTOCOL # name: ya-kafka-secret-pm
valueFrom: # key: security_protocol
secretKeyRef: # - name: KAFKA_SASL_MECHANISM
name: ya-kafka-secret-pm # valueFrom:
key: security_protocol # secretKeyRef:
- name: KAFKA_SASL_MECHANISM # name: ya-kafka-secret-pm
valueFrom: # key: sasl_mechanism
secretKeyRef: # - name: KAFKA_SASL_PLAIN_USERNAME
name: ya-kafka-secret-pm # valueFrom:
key: sasl_mechanism # secretKeyRef:
- name: KAFKA_SASL_PLAIN_USERNAME # name: ya-kafka-secret-pm
valueFrom: # key: sasl_username
secretKeyRef: # - name: KAFKA_SASL_PLAIN_PASSWORD
name: ya-kafka-secret-pm # valueFrom:
key: sasl_username # secretKeyRef:
- name: KAFKA_SASL_PLAIN_PASSWORD # name: ya-kafka-secret-pm
valueFrom: # key: sasl_password
secretKeyRef: # - name: KAFKA_SSL_CAFILE
name: ya-kafka-secret-pm # valueFrom:
key: sasl_password # secretKeyRef:
- name: KAFKA_SSL_CAFILE # name: ya-kafka-secret-pm
valueFrom: # key: ssl_cafile
secretKeyRef: # - name: KAFKA_TOPICS
name: ya-kafka-secret-pm # valueFrom:
key: ssl_cafile # secretKeyRef:
- name: KAFKA_TOPICS # name: ya-kafka-secret-pm
valueFrom: # key: topics
secretKeyRef:
name: ya-kafka-secret-pm
key: topics
- name: CELERY_RABBITMQ_HOST - name: CELERY_RABBITMQ_HOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: rabbit-secret-pm name: rabbitmq-secrets
key: host key: hostname
- name: CELERY_RABBITMQ_PORT - name: CELERY_RABBITMQ_PORT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: rabbit-secret-pm name: rabbitmq-secrets
key: port key: port
- name: CELERY_RABBITMQ_USER - name: CELERY_RABBITMQ_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: rabbit-secret-pm name: rabbitmq-secrets
key: user key: username
- name: CELERY_RABBITMQ_PASSWORD - name: CELERY_RABBITMQ_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: rabbit-secret-pm name: rabbitmq-secrets
key: password key: password
- name: CELERY_RABBITMQ_VHOST - name: CELERY_RABBITMQ_VHOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: rabbit-secret-pm name: rabbit-secret-pm
key: vhost key: vhost
- name: AUTH_PUBLIC_TOKEN_URL - name: AUTH_PUBLIC_TOKEN_URL
valueFrom: value: "https://lk.sarex.io/api/token/public/"
secretKeyRef:
name: server-secret-pm
key: auth_public_token_url
- name: SERVER_HOST - name: SERVER_HOST
valueFrom: value: "https://lk.sarex.io"
secretKeyRef:
name: server-secret-pm
key: server_host
- name: SERVER_API_HOST - name: SERVER_API_HOST
valueFrom: value: "https://api.sarex.io"
secretKeyRef:
name: server-secret-pm
key: server_api_host
- name: SERVER_DEBUG - name: SERVER_DEBUG
valueFrom: value: "False"
secretKeyRef:
name: server-secret-pm
key: server_debug
- name: SERVER_ALLOWED_HOSTS - name: SERVER_ALLOWED_HOSTS
valueFrom: value: '["*"]'
secretKeyRef:
name: server-secret-pm
key: server_allowed_hosts
- name: SERVER_USE_OTEL - name: SERVER_USE_OTEL
valueFrom: value: "False"
secretKeyRef:
name: server-secret-pm
key: server_use_otel
- name: SERVER_VERIFY_SSL - name: SERVER_VERIFY_SSL
valueFrom: value: "False"
secretKeyRef:
name: server-secret-pm
key: server_verify_ssl
- name: SERVER_LOG_LEVEL - name: SERVER_LOG_LEVEL
valueFrom: value: "INFO"
secretKeyRef:
name: server-secret-pm
key: server_log_level
resources: resources:
requests: requests:
cpu: "1" cpu: "1"

115
apps/pm/base/celery-deployment.yaml
View File

@ -95,87 +95,84 @@ spec:
- name: S3_HOST - name: S3_HOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: host key: endpoint
- name: S3_LOGIN - name: S3_LOGIN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: login key: login
- name: S3_PASSWORD - name: S3_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: password key: password
- name: S3_BUCKET - name: S3_BUCKET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ya-s3-secret-pm name: s3-secrets
key: bucket key: bucket
- name: CACHE_HOST # - name: CACHE_HOST
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: cache-secret-pm # name: cache-secret-pm
key: host # key: host
- name: CACHE_PORT # - name: CACHE_PORT
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: cache-secret-pm # name: cache-secret-pm
key: port # key: port
- name: CACHE_PASSWORD # - name: CACHE_PASSWORD
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: cache-secret-pm # name: cache-secret-pm
key: password # key: password
- name: CACHE_SSL - name: CACHE_SSL
value: "False" value: "False"
- name: CACHE_SSL_CA_CERTS - name: CACHE_SSL_CA_CERTS
value: "" value: ""
- name: CACHE_ENABLE - name: CACHE_ENABLE
valueFrom: value: "False"
secretKeyRef:
name: cache-secret-pm
key: enable
- name: CLICKHOUSE_ENABLE - name: CLICKHOUSE_ENABLE
value: 'False' value: 'False'
- name: KAFKA_ENABLE - name: KAFKA_ENABLE
value: 'False' value: 'False'
- name: KAFKA_BOOTSTRAP_SERVERS # - name: KAFKA_BOOTSTRAP_SERVERS
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: bootstrap_servers # key: bootstrap_servers
- name: KAFKA_SECURITY_PROTOCOL # - name: KAFKA_SECURITY_PROTOCOL
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: security_protocol # key: security_protocol
- name: KAFKA_SASL_MECHANISM # - name: KAFKA_SASL_MECHANISM
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: sasl_mechanism # key: sasl_mechanism
- name: KAFKA_SASL_PLAIN_USERNAME # - name: KAFKA_SASL_PLAIN_USERNAME
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: sasl_username # key: sasl_username
- name: KAFKA_SASL_PLAIN_PASSWORD # - name: KAFKA_SASL_PLAIN_PASSWORD
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: sasl_password # key: sasl_password
- name: KAFKA_SSL_CAFILE # - name: KAFKA_SSL_CAFILE
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: ssl_cafile # key: ssl_cafile
- name: KAFKA_TOPICS # - name: KAFKA_TOPICS
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: ya-kafka-secret-pm # name: ya-kafka-secret-pm
key: topics # key: topics
- name: CELERY_RABBITMQ_HOST - name: CELERY_RABBITMQ_HOST
valueFrom: valueFrom: