diff --git a/apps/django/brusnika-stage/celery.yaml b/apps/django/brusnika-stage/celery.yaml index 74143d3..cc3a882 100644 --- a/apps/django/brusnika-stage/celery.yaml +++ b/apps/django/brusnika-stage/celery.yaml @@ -129,6 +129,20 @@ spec: - key: production.py path: _default: production.py + - name: kafka-cert + mountPath: + _default: /etc/ca-certificates/Yandex/YandexInternalRootCA.crt + subPath: + _default: YandexInternalRootCA.crt + readOnly: + _default: true + configMap: + name: + _default: kafka-cert + items: + - key: YandexInternalRootCA.crt + path: + _default: YandexInternalRootCA.crt labels: monitoring: prometheus @@ -169,6 +183,33 @@ spec: - name: DJANGO_REDIS_HOST value: _default: "redis-service" + + + - name: SERVER_KAFKA_ENABLED + value: + _default: "True" + + + - name: KAFKA_TOPICS + value: + _default: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' + + + - name: KAFKA_BOOTSTRAP_SERVERS + value: + _default: '["brusnika-stage-kafka-bootstrap.kafka.svc.cluster.local:9093"]' + + - name: KAFKA_SECURITY_PROTOCOL + value: + _default: "SSL" + + - name: KAFKA_SASL_MECHANISM + value: + _default: "SCRAM-SHA-512" + + - name: KAFKA_SSL_CAFILE + value: + _default: "/etc/ca-certificates/Yandex/YandexInternalRootCA.crt" - name: DJANGO_REDIS_PORT value: @@ -294,6 +335,16 @@ spec: secretName: _default: "jwt-secret-superset" secretKey: "jwt_secret" + + - name: KAFKA_SASL_PLAIN_USERNAME + secretName: + _default: "kafka-secret" + secretKey: "username" + + - name: KAFKA_SASL_PLAIN_PASSWORD + secretName: + _default: "kafka-secret" + secretKey: "password" - name: KC_CLIENT_ID secretName: diff --git a/apps/django/brusnika-stage/sarex-backend.yaml b/apps/django/brusnika-stage/sarex-backend.yaml index c3ed588..48e60b7 100644 --- a/apps/django/brusnika-stage/sarex-backend.yaml +++ b/apps/django/brusnika-stage/sarex-backend.yaml @@ -113,6 +113,20 @@ spec: - key: production.py path: _default: production.py + - name: kafka-cert + mountPath: + _default: /etc/ca-certificates/Yandex/YandexInternalRootCA.crt + subPath: + _default: YandexInternalRootCA.crt + readOnly: + _default: true + configMap: + name: + _default: kafka-cert + items: + - key: YandexInternalRootCA.crt + path: + _default: YandexInternalRootCA.crt labels: monitoring: prometheus @@ -133,6 +147,32 @@ spec: - name: SERVER_USE_CHANGELOG value: _default: "0" + + - name: SERVER_KAFKA_ENABLED + value: + _default: "True" + + + - name: KAFKA_TOPICS + value: + _default: '{"planning": "message-hub-stage", "ams-sync": "ams-sync"}' + + + - name: KAFKA_BOOTSTRAP_SERVERS + value: + _default: '["brusnika-stage-kafka-bootstrap.kafka.svc.cluster.local:9093"]' + + - name: KAFKA_SECURITY_PROTOCOL + value: + _default: "SSL" + + - name: KAFKA_SASL_MECHANISM + value: + _default: "SCRAM-SHA-512" + + - name: KAFKA_SSL_CAFILE + value: + _default: "/etc/ca-certificates/Yandex/YandexInternalRootCA.crt" - name: SERVER_ZITADEL_ENABLED value: @@ -293,6 +333,17 @@ spec: secretName: _default: "s3-secret" secretKey: "endpoint" + + + - name: KAFKA_SASL_PLAIN_USERNAME + secretName: + _default: "kafka-secret" + secretKey: "username" + + - name: KAFKA_SASL_PLAIN_PASSWORD + secretName: + _default: "kafka-secret" + secretKey: "password" - name: CELERY_RABBITMQ_HOST secretName: