Add PM app with backend, Celery, services, namespace, ConfigMap, and PostgreSQL configuration in yc-k8s-test

2026-04-17 13:46:18 +03:00 · 2026-04-17 13:46:18 +03:00 · c08493c4df
commit c08493c4df
parent af53d99607
9 changed files with 394 additions and 1 deletions
--- a/apps/pm/base/backend-configmap.yaml
+++ b/apps/pm/base/backend-configmap.yaml
@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backend-configmap
+  namespace: pm
+data:
+  uwsgi.ini: |
+    [uwsgi]
+    log-format = {"time": "%(time)", "method": "%(method)", "uri": "%(uri)", "status": "%(status)", "size": "%(size)", "addr": "%(addr)", "user": "%(user)", "proto": "%(proto)", "user_agent": "%(uagent)", "referer": "%(referer)", "trace_id": "%(trace_id)", "span_id": "%(span_id)"}
+    module                 = config.wsgi:application
+    DJANGO_SETTINGS_MODULE = config.settings.base
+    http                   = 0.0.0.0:8000
+    processes              = 8
+    master                 = true
+    vacuum                 = true
+    enable-threads         = true
+    buffer-size            = 65535
+    stats                  = :3031
+    stats-http             = true
+    memory-report          = true
+    lazy-apps              = true
+    listen                 = 1024
+    disable-write-exception= 0
+    harakiri               = 300
+    socket-timeout         = 300
+    chunked-input-timeout  = 300
+    http-timeout           = 300
+    worker-reload-mercy    = 240
+    mule-reload-mercy      = 240
--- a/apps/pm/base/backend-deployment.yaml
+++ b/apps/pm/base/backend-deployment.yaml
@ -0,0 +1,102 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: pm
+  labels:
+    app: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 5
+      maxUnavailable: 5
+  template:
+    metadata:
+      labels:
+        app: backend
+        monitoring: prometheus
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                      - backend
+              topologyKey: kubernetes.io/hostname
+      containers:
+        - name: backend
+          image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: USERS_INTERNAL_HOST
+              value: http://backend.django.svc.cluster.local:8000
+            - name: RESOURCES_INTERNAL_HOST
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: EAV_API_PREFIX
+              value: /api/v0
+            - name: EAV_API_PREFIX_V1
+              value: /api/v1
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          volumeMounts:
+            - name: uwsgi-configmap
+              mountPath: /opt/sarex/uwsgi.ini
+              subPath: uwsgi.ini
+            - name: env-file
+              mountPath: /opt/sarex/.env
+              subPath: .env
+            - name: tmp-volume
+              mountPath: /tmp
+            - name: kafka-cert-volume
+              mountPath: /usr/local/share/ca-certificates
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 10
+            periodSeconds: 60
+            failureThreshold: 10
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 20
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}
+        - name: uwsgi-configmap
+          configMap:
+            name: backend-configmap
+            defaultMode: 420
+            items:
+              - key: uwsgi.ini
+                path: uwsgi.ini
+        - name: env-file
+          secret:
+            secretName: sarex-env
+            defaultMode: 420
+        - name: kafka-cert-volume
+          configMap:
+            name: kafka-cert
+            defaultMode: 420
+      imagePullSecrets:
+        - name: regcred
--- a/apps/pm/base/backend-service.yaml
+++ b/apps/pm/base/backend-service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+  namespace: pm
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
--- a/apps/pm/base/celery-deployment.yaml
+++ b/apps/pm/base/celery-deployment.yaml
@ -0,0 +1,106 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery
+  namespace: pm
+  labels:
+    app: celery
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: celery
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 5
+      maxUnavailable: 5
+  template:
+    metadata:
+      labels:
+        app: celery
+        monitoring: prometheus
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                      - backend
+              topologyKey: kubernetes.io/hostname
+      containers:
+        - name: celery
+          image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123
+          imagePullPolicy: IfNotPresent
+          command:
+            - celery
+            - -A
+            - config
+            - worker
+            - -B
+            - -l
+            - info
+            - -E
+            - -Q
+            - pm
+            - -n
+            - default_worker.%h
+            - --concurrency=2
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          env:
+            - name: PLANNING_HOST
+              value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp
+            - name: PLANNING_USE
+              value: "True"
+            - name: USERS_INTERNAL_HOST
+              value: http://backend.django.svc.cluster.local:8000
+            - name: RESOURCES_INTERNAL_HOST
+              value: http://resources-service.resources.svc.cluster.local:8000
+            - name: EAV_HOST
+              value: http://eav-service.eav.svc.cluster.local:8000
+            - name: EAV_API_PREFIX
+              value: /api/v0
+            - name: EAV_API_PREFIX_V1
+              value: /api/v1
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          volumeMounts:
+            - name: uwsgi-configmap
+              mountPath: /opt/sarex/uwsgi.ini
+              subPath: uwsgi.ini
+            - name: env-file
+              mountPath: /opt/sarex/.env
+              subPath: .env
+            - name: tmp-volume
+              mountPath: /tmp
+            - name: kafka-cert-volume
+              mountPath: /usr/local/share/ca-certificates
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}
+        - name: uwsgi-configmap
+          configMap:
+            name: backend-configmap
+            defaultMode: 420
+            items:
+              - key: uwsgi.ini
+                path: uwsgi.ini
+        - name: env-file
+          secret:
+            secretName: sarex-env
+            defaultMode: 420
+        - name: kafka-cert-volume
+          configMap:
+            name: kafka-cert
+            defaultMode: 420
+      imagePullSecrets:
+        - name: regcred
--- a/apps/pm/base/kustomization.yaml
+++ b/apps/pm/base/kustomization.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: pm
+resources:
+  - namespace.yaml
+#  - backend-deployment.yaml
+  - backend-service.yaml
+#  - celery-deployment.yaml
+#  - redis-deployment.yaml
+#  - redis-service.yaml
+  - backend-configmap.yaml
--- a/apps/pm/base/namespace.yaml
+++ b/apps/pm/base/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pm
+  labels:
+    istio-injection: enabled
--- a/apps/pm/yc-k8s-test/kustomization.yaml
+++ b/apps/pm/yc-k8s-test/kustomization.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+#  - postgresql.yaml
+patches: []
--- a/apps/pm/yc-k8s-test/postgresql.yaml
+++ b/apps/pm/yc-k8s-test/postgresql.yaml
@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: pm
+spec:
+  interval: 5m
+  timeout: 2h
+  chart:
+    spec:
+      chart: postgresql-contour
+      version: "17.0.2"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+
+  install:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  upgrade:
+    timeout: 2h
+    remediation:
+      retries: 3
+
+  values:
+    global:
+      security:
+        allowInsecureImages: true
+      defaultStorageClass: local-path
+      postgresql:
+        auth:
+          username: ""
+          database: ""
+          secretKeys:
+            userPasswordKey: "postgres-password"
+    auth:
+      username: ""
+      database: ""
+      secretKeys:
+        userPasswordKey: "postgres-password"
+    image:
+      registry: cr.yandex/crp3ccidau046kdj8g9q
+      repository: contour/postgresql
+      tag: 17.0.2
+      pullPolicy: Always
+    metrics:
+      enabled: false
+      prometheusRule:
+        enabled: false
+    primary:
+      containerSecurityContext:
+        readOnlyRootFilesystem: false
+      persistence:
+        storageClass: local-path
+        size: 20Gi
+      resources:
+        requests:
+          memory: 512Mi
+      customLivenessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customReadinessProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 5
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      customStartupProbe:
+        exec:
+          command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+        initialDelaySeconds: 30
+        periodSeconds: 10
+        timeoutSeconds: 5
+        successThreshold: 1
+        failureThreshold: 6
+      nodeSelector:
+        dedicated: db
+      tolerations:
+        - key: dedicated
+          operator: Equal
+          value: db
+          effect: NoSchedule
+    contour:
+      enabled: true
+      adminUser: ""
+      adminPasswordSecretKey: ""
+      sharedPreloadLibraries: "pg_stat_statements,ltree"
+      databases:
+        - name: pm_db
+          user: pm
+          extensions: []
+          restoreFromDump: false
+      s3-proxy:
+        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@ -22,4 +22,5 @@ resources:
  - ../../apps/inspections/yc-k8s-test
  - ../../apps/system-log/yc-k8s-test
  - ../../apps/remarks/yc-k8s-test
-  - ../../apps/notes/yc-k8s-test
+  - ../../apps/notes/yc-k8s-test
+  - ../../apps/pm/yc-k8s-test