sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

++

Browse Source
This commit is contained in:
ivan 2026-06-10 15:25:27 +05:00
parent 1023dff25b
commit e921706312
5 changed files with 438 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

204
apps/ams-sync/base/helmrelease.yaml Normal file
View File

@ -0,0 +1,204 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ams-sync
namespace: ams-sync
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/ams-sync:ugok
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: ams-sync
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: ams-sync
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: AMS_SYNC_TOPIC
value:
_default: "ams-sync"
- name: ENVIRONMENT
value:
_default: "PRODUCTION"
- name: HOST_ORGANIZATION_ID
value:
_default: "368536846176636704"
- name: ALERT_ENABLED
value:
_default: "False"
- name: USER_SERVER_HOST
value:
_default: "https://sarex.ugok.lan"
- name: AUTH_HOST
value:
_default: "https://sarex.ugok.lan"
- name: VERIFY_USERS
value:
_default: "True"
- name: KAFKA_SECURITY_PROTOCOL
value:
_default: "SSL"
- name: KAFKA_SASL_MECHANISM
value:
_default: "SCRAM-SHA-512"
secretEnvs:
- name: TELEGRAM_TOKEN
secretName:
_default: "telegram-secret"
secretKey: "telegram-token"
- name: TELEGRAM_GROUP_ID
secretName:
_default: "telegram-secret"
secretKey: "telegram-group-id"
- name: ZITADEL_HOST
secretName:
_default: "zitadel-token-secret"
secretKey: "zitadel-host"
- name: ZITADEL_SERVICE_ACCESS_TOKEN
secretName:
_default: "zitadel-token-secret"
secretKey: "zitadel-access-token"
- name: KAFKA_BOOTSTRAP_SERVERS
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-bootstrap-servers"
- name: KAFKA_SASL_PLAIN_USERNAME
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-username"
- name: KAFKA_SASL_PLAIN_PASSWORD
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-password"
- name: KAFKA_SSL_CAFILE
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-ca-file"
- name: AUTH_ADMIN_USERNAME
secretName:
_default: "auth-secret"
secretKey: "admin-username"
- name: AUTH_ADMIN_PASSWORD
secretName:
_default: "auth-secret"
secretKey: "admin-password"
- name: USER_DB_NAME
secretName:
_default: "user-db-secret"
secretKey: "user-db-name"
- name: USER_DB_USER
secretName:
_default: "user-db-secret"
secretKey: "user-db-user"
- name: USER_DB_PASSWORD
secretName:
_default: "user-db-secret"
secretKey: "user-db-password"
- name: USER_DB_HOST
secretName:
_default: "user-db-secret"
secretKey: "user-db-host"
- name: USER_DB_PORT
secretName:
_default: "user-db-secret"
secretKey: "user-db-port"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/ams-sync/base/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: ams-sync
resources:
- helmrelease.yaml

220
apps/ams-sync/brusnika-stage/backend.yaml Normal file
View File

@ -0,0 +1,220 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ams-sync
namespace: ams-sync
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/ams-sync:ugok
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: ams-sync
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: ams-sync
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
volumes:
_default:
- name: kafka-cert
mountPath:
_default: /etc/ca-certificates/Yandex/
subPath:
_default: YandexInternalRootCA.crt
readOnly:
_default: true
configMap:
name:
_default: kafka-cert
items:
- key: YandexInternalRootCA.crt
path:
_default: YandexInternalRootCA.crt
labels:
monitoring: prometheus
envs:
- name: AMS_SYNC_TOPIC
value:
_default: "ams-sync"
- name: ENVIRONMENT
value:
_default: "PRODUCTION"
- name: HOST_ORGANIZATION_ID
value:
_default: "368536846176636704"
- name: ALERT_ENABLED
value:
_default: "False"
- name: USER_SERVER_HOST
value:
_default: "https://sarex.ugok.lan"
- name: AUTH_HOST
value:
_default: "https://sarex.ugok.lan"
- name: VERIFY_USERS
value:
_default: "True"
- name: KAFKA_SECURITY_PROTOCOL
value:
_default: "SSL"
- name: KAFKA_SASL_MECHANISM
value:
_default: "SCRAM-SHA-512"
secretEnvs:
- name: TELEGRAM_TOKEN
secretName:
_default: "telegram-secret"
secretKey: "telegram-token"
- name: TELEGRAM_GROUP_ID
secretName:
_default: "telegram-secret"
secretKey: "telegram-group-id"
- name: ZITADEL_HOST
secretName:
_default: "zitadel-token-secret"
secretKey: "zitadel-host"
- name: ZITADEL_SERVICE_ACCESS_TOKEN
secretName:
_default: "zitadel-token-secret"
secretKey: "zitadel-access-token"
- name: KAFKA_BOOTSTRAP_SERVERS
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-bootstrap-servers"
- name: KAFKA_SASL_PLAIN_USERNAME
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-username"
- name: KAFKA_SASL_PLAIN_PASSWORD
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-password"
- name: KAFKA_SSL_CAFILE
secretName:
_default: "ams-kafka-secret"
secretKey: "kafka-ca-file"
- name: AUTH_ADMIN_USERNAME
secretName:
_default: "auth-secret"
secretKey: "admin-username"
- name: AUTH_ADMIN_PASSWORD
secretName:
_default: "auth-secret"
secretKey: "admin-password"
- name: USER_DB_NAME
secretName:
_default: "user-db-secret"
secretKey: "user-db-name"
- name: USER_DB_USER
secretName:
_default: "user-db-secret"
secretKey: "user-db-user"
- name: USER_DB_PASSWORD
secretName:
_default: "user-db-secret"
secretKey: "user-db-password"
- name: USER_DB_HOST
secretName:
_default: "user-db-secret"
secretKey: "user-db-host"
- name: USER_DB_PORT
secretName:
_default: "user-db-secret"
secretKey: "user-db-port"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/ams-sync/brusnika-stage/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: ams-sync
resources:
- backend.yaml

1
clusters/brusnika-stage/kustomization.yaml
View File

@ -32,3 +32,4 @@ resources:
- ../../apps/notes/brusnika-stage - ../../apps/notes/brusnika-stage
- ../../apps/message-hub/brusnika-stage - ../../apps/message-hub/brusnika-stage
- ../../apps/drawings/brusnika-stage - ../../apps/drawings/brusnika-stage
- ../../apps/ams-sync/brusnika-stage