Add platform services to yc-k8s-test-02

2026-05-28 18:35:00 +03:00 · 2026-05-28 18:35:00 +03:00 · ae99372ecf
commit ae99372ecf
parent 9722733275
8 changed files with 446 additions and 0 deletions
--- a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
@ -5,8 +5,15 @@ resources:
  - ../../../infrastructure/istio-pilot
  - ../../../infrastructure/istio-gateway
  - ../../../infrastructure/istio-config
+  - ../../../infrastructure/dashboard
  - ../../../infrastructure/local-path-provisioner
  - ../../../infrastructure/minio
+  - ../../../infrastructure/rabbitmq
+  - ../../../infrastructure/kafka
+  - ../../../infrastructure/redis
+  - ../../../infrastructure/camunda
+  - ../../../infrastructure/zitadel
+  - ../../../infrastructure/keycloak
  - ../../../infrastructure/vault
 patches:
  - path: ./patches/istio-base.yaml
@ -37,6 +44,13 @@ patches:
      kind: HelmRelease
      name: istio-config
      namespace: default
+  - path: ./patches/dashboard.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: dashboard
+      namespace: kubernetes-dashboard
  - path: ./patches/local-path-provisioner.yaml
    target:
      group: helm.toolkit.fluxcd.io
@ -51,6 +65,48 @@ patches:
      kind: HelmRelease
      name: minio
      namespace: minio
+  - path: ./patches/rabbitmq.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: rabbitmq
+      namespace: rabbitmq
+  - path: ./patches/kafka.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: kafka
+      namespace: kafka
+  - path: ./patches/redis.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: redis
+      namespace: redis
+  - path: ./patches/camunda.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: camunda
+      namespace: camunda
+  - path: ./patches/zitadel.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: zitadel
+      namespace: zitadel
+  - path: ./patches/keycloak.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: keycloak
+      namespace: keycloak
  - path: ./patches/vault.yaml
    target:
      group: helm.toolkit.fluxcd.io
--- a/clusters/yc-k8s-test-02/infrastructure/patches/camunda.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/camunda.yaml
@ -0,0 +1,155 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: camunda
+  namespace: camunda
+spec:
+  interval: 5m
+  timeout: 15m
+  values:
+    global:
+      vault:
+        enabled: true
+        role: camunda
+        authPath: auth/kubernetes
+      image:
+        pullSecrets:
+          - name: regcred
+      identity:
+        auth:
+          publicIssuerUrl: "https://camunda-keycloak.contour.infra.sarex.tech/auth/realms/camunda-platform"
+          identity:
+            redirectUrl: "https://camunda-identity.contour.infra.sarex.tech"
+          operate:
+            redirectUrl: "https://camunda-operate.contour.infra.sarex.tech"
+          tasklist:
+            redirectUrl: "https://camunda-tasklist.contour.infra.sarex.tech"
+          optimize:
+            redirectUrl: "https://camunda-optimize.contour.infra.sarex.tech"
+          webModeler:
+            redirectUrl: "https://camunda-web-modeler.contour.infra.sarex.tech"
+          console:
+            redirectUrl: "https://camunda-console.contour.infra.sarex.tech"
+    identityPostgresql:
+      auth:
+        usePasswordFiles: true
+      primary:
+        automountServiceAccountToken: true
+        persistence:
+          size: 10Gi
+          storageClass: local-path
+    identityKeycloak:
+      postgresql:
+        auth:
+          usePasswordFiles: true
+        primary:
+          automountServiceAccountToken: true
+          persistence:
+            size: 10Gi
+            storageClass: local-path
+      vaultEnv:
+        enabled: true
+        role: camunda
+        authPath: auth/kubernetes
+        envFiles:
+          KEYCLOAK_ADMIN_PASSWORD:
+            path: secrets/data/camunda/keycloak-admin
+            key: admin-password
+          KEYCLOAK_PASSWORD:
+            path: secrets/data/camunda/keycloak-admin
+            key: admin-password
+          KEYCLOAK_DATABASE_PASSWORD:
+            path: secrets/data/camunda/postgresql
+            key: password
+      global:
+        storageClass: local-path
+      tolerations: []
+    postgresql:
+      auth:
+        usePasswordFiles: true
+      primary:
+        automountServiceAccountToken: true
+        persistence:
+          size: 10Gi
+          storageClass: local-path
+    elasticsearch:
+      master:
+        persistence:
+          size: 10Gi
+          storageClass: local-path
+        tolerations: []
+      metrics:
+        enabled: false
+        serviceMonitor:
+          enabled: false
+        prometheusRule:
+          enabled: false
+        tolerations: []
+    camundaCanary:
+      enabled: false
+    prometheusServiceMonitor:
+      enabled: false
+    console:
+      image:
+        pullSecrets:
+          - name: regcred
+      tolerations: []
+    zeebe:
+      pvcStorageClassName: local-path
+      image:
+        pullSecrets:
+          - name: regcred
+      tolerations: []
+    zeebeGateway:
+      image:
+        pullSecrets:
+          - name: regcred
+      tolerations: []
+    operate:
+      image:
+        pullSecrets:
+          - name: regcred
+      serviceAccount:
+        automountServiceAccountToken: true
+      tolerations: []
+    tasklist:
+      image:
+        pullSecrets:
+          - name: regcred
+      serviceAccount:
+        automountServiceAccountToken: true
+      tolerations: []
+    optimize:
+      image:
+        pullSecrets:
+          - name: regcred
+      serviceAccount:
+        automountServiceAccountToken: true
+      tolerations: []
+    executionIdentity:
+      image:
+        pullSecrets:
+          - name: regcred
+      tolerations: []
+    identity:
+      image:
+        pullSecrets:
+          - name: regcred
+      tolerations: []
+    webModeler:
+      image:
+        pullSecrets:
+          - name: regcred
+      restapi:
+        tolerations: []
+      webapp:
+        tolerations: []
+      websockets:
+        tolerations: []
+    connectors:
+      image:
+        pullSecrets:
+          - name: regcred
+      serviceAccount:
+        automountServiceAccountToken: true
+      tolerations: []
--- a/clusters/yc-k8s-test-02/infrastructure/patches/dashboard.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/dashboard.yaml
@ -0,0 +1,25 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: dashboard
+  namespace: kubernetes-dashboard
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    destinationRule:
+      enabled: true
+      host: "dashboard-kong-proxy"
+      tlsMode: "DISABLE"
+    virtualService:
+      enabled: false
+    gateway:
+      enabled: false
+    app:
+      image:
+        pullSecrets:
+          - regcred
+    kong:
+      image:
+        pullSecrets:
+          - regcred
--- a/clusters/yc-k8s-test-02/infrastructure/patches/kafka.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/kafka.yaml
@ -0,0 +1,57 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: kafka
+  namespace: kafka
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    global:
+      imagePullSecrets:
+        - regcred
+      defaultStorageClass: local-path
+    image:
+      pullSecrets:
+        - regcred
+    controller:
+      replicaCount: 1
+      automountServiceAccountToken: true
+      persistence:
+        size: 8Gi
+        storageClass: local-path
+      overrideConfiguration:
+        offsets.topic.replication.factor: 1
+        transaction.state.log.replication.factor: 1
+        transaction.state.log.min.isr: 1
+        default.replication.factor: 1
+        min.insync.replicas: 1
+    broker:
+      replicaCount: 0
+      automountServiceAccountToken: true
+    listeners:
+      client:
+        protocol: SASL_SSL
+        sslClientAuth: "none"
+    provisioning:
+      enabled: false
+    sasl:
+      managedExistingSecret:
+        enabled: false
+      existingSecret: ""
+      enabledMechanisms: PLAIN,SCRAM-SHA-512
+      interBrokerMechanism: PLAIN
+      controllerMechanism: PLAIN
+      client:
+        users: []
+        passwords: ""
+    tls:
+      type: PEM
+    vault:
+      enabled: true
+      role: kafka
+      authPath: auth/kubernetes
+      secretPath: secrets/data/kafka/bootstrap
+      clusterIdKey: clusterId
+      interBrokerPasswordKey: interBrokerPassword
+      controllerPasswordKey: controllerPassword
--- a/clusters/yc-k8s-test-02/infrastructure/patches/keycloak.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/keycloak.yaml
@ -0,0 +1,49 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: keycloak
+  namespace: keycloak
+spec:
+  interval: 5m
+  timeout: 15m
+  values:
+    global:
+      defaultStorageClass: local-path
+      imageRegistry: ""
+    persistence:
+      enabled: true
+      storageClass: local-path
+      size: 10Gi
+    postgresql:
+      enabled: false
+    vaultEnv:
+      enabled: true
+      role: keycloak
+      authPath: auth/kubernetes
+      envFiles:
+        KEYCLOAK_ADMIN_PASSWORD:
+          path: secrets/data/keycloak/admin
+          key: password
+        KEYCLOAK_PASSWORD:
+          path: secrets/data/keycloak/admin
+          key: password
+        KEYCLOAK_DATABASE_HOST:
+          path: secrets/data/keycloak/postgresql
+          key: host
+        KEYCLOAK_DATABASE_PORT:
+          path: secrets/data/keycloak/postgresql
+          key: port
+        KEYCLOAK_DATABASE_USER:
+          path: secrets/data/keycloak/postgresql
+          key: user
+        KEYCLOAK_DATABASE_NAME:
+          path: secrets/data/keycloak/postgresql
+          key: database
+        KEYCLOAK_DATABASE_PASSWORD:
+          path: secrets/data/keycloak/postgresql
+          key: password
+    externalDatabase:
+      host: "postgresql.postgresql.svc.cluster.local"
+      port: 5432
+      user: keycloak
+      database: keycloak
--- a/clusters/yc-k8s-test-02/infrastructure/patches/rabbitmq.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/rabbitmq.yaml
@ -0,0 +1,42 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: rabbitmq
+  namespace: rabbitmq
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+    virtualService: null
+    gateway: null
+    certificate: null
+    metrics:
+      serviceMonitor:
+        enabled: false
+        default:
+          enabled: false
+        perObject:
+          enabled: false
+        detailed:
+          enabled: false
+    extraServiceMonitors: []
+    replicaCount: 1
+    resources:
+      requests:
+        memory: 1Gi
+    persistence:
+      storageClass: local-path
+      size: 10Gi
+    auth:
+      securePassword: true
+      existingPasswordSecret: ""
+      vault:
+        enabled: true
+        role: rabbitmq
+        authPath: auth/kubernetes
+        secretPath: secrets/data/rabbitmq/auth
+        usernameKey: username
+        passwordKey: password
--- a/clusters/yc-k8s-test-02/infrastructure/patches/redis.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/redis.yaml
@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: redis
+  namespace: redis
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    global:
+      defaultStorageClass: local-path
+    architecture: standalone
+    auth:
+      enabled: true
+    sentinel:
+      enabled: false
+    replica:
+      replicaCount: 0
+    master:
+      count: 1
+      resources:
+        requests:
+          memory: 1Gi
+        limits: {}
+      persistence:
+        storageClass: local-path
+        size: 10Gi
--- a/clusters/yc-k8s-test-02/infrastructure/patches/zitadel.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/zitadel.yaml
@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: zitadel
+  namespace: zitadel
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    postgresqlSecret:
+      create: false
+      vault:
+        enabled: true
+        role: zitadel
+        authPath: auth/kubernetes
+        secretPath: secrets/data/zitadel/postgresql
+        secretKey: password
+    zitadel:
+      configmapConfig:
+        ExternalDomain: zitadel.contour.infra.sarex.tech
+    login:
+      env:
+        - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
+          value: "false"
+        - name: ZITADEL_DATABASE_POSTGRES_HOST
+          value: "postgresql.postgresql.svc.cluster.local"
+        - name: ZITADEL_DATABASE_POSTGRES_PORT
+          value: "5432"
+    env:
+      - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
+        value: "false"
+      - name: ZITADEL_DATABASE_POSTGRES_HOST
+        value: "postgresql.postgresql.svc.cluster.local"
+      - name: ZITADEL_DATABASE_POSTGRES_PORT
+        value: "5432"