diff --git a/apps/auth-flow/base/deployment.yaml b/apps/auth-flow/base/deployment.yaml new file mode 100644 index 0000000..9dcfcaa --- /dev/null +++ b/apps/auth-flow/base/deployment.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: auth-flow + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + version: stable + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/auth-flow-frontend:production_48bec2ff + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 25m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/auth-flow/base/kustomization.yaml b/apps/auth-flow/base/kustomization.yaml new file mode 100644 index 0000000..e409bc5 --- /dev/null +++ b/apps/auth-flow/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: auth-flow +resources: + - namespace.yaml + - deployment.yaml + - service.yaml diff --git a/apps/auth-flow/base/namespace.yaml b/apps/auth-flow/base/namespace.yaml new file mode 100644 index 0000000..91d2c4c --- /dev/null +++ b/apps/auth-flow/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: auth-flow + labels: + istio-injection: enabled \ No newline at end of file diff --git a/apps/auth-flow/base/service.yaml b/apps/auth-flow/base/service.yaml new file mode 100644 index 0000000..9acd592 --- /dev/null +++ b/apps/auth-flow/base/service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-svc + namespace: reviews +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/auth-flow/brusnika-prod/helmrelease.yaml b/apps/auth-flow/brusnika-prod/helmrelease.yaml new file mode 100644 index 0000000..5e79bae --- /dev/null +++ b/apps/auth-flow/brusnika-prod/helmrelease.yaml @@ -0,0 +1,92 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: auth-flow + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + frontend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/auth-flow-frontend:production_48bec2ff + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: frontend + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 80 + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: frontend-service + + + type: + _default: ClusterIP + + port: + _default: 80 + + targetPort: + _default: 80 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file diff --git a/apps/auth-flow/brusnika-prod/kustomization.yaml b/apps/auth-flow/brusnika-prod/kustomization.yaml new file mode 100644 index 0000000..5b1c175 --- /dev/null +++ b/apps/auth-flow/brusnika-prod/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: auth-flow +resources: + - helmrelease.yaml diff --git a/apps/auth-flow/brusnika-stage/helmrelease.yaml b/apps/auth-flow/brusnika-stage/helmrelease.yaml new file mode 100644 index 0000000..5e79bae --- /dev/null +++ b/apps/auth-flow/brusnika-stage/helmrelease.yaml @@ -0,0 +1,92 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: auth-flow + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + frontend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/auth-flow-frontend:production_48bec2ff + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: frontend + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 80 + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: frontend-service + + + type: + _default: ClusterIP + + port: + _default: 80 + + targetPort: + _default: 80 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file diff --git a/apps/auth-flow/brusnika-stage/kustomization.yaml b/apps/auth-flow/brusnika-stage/kustomization.yaml new file mode 100644 index 0000000..5b1c175 --- /dev/null +++ b/apps/auth-flow/brusnika-stage/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: auth-flow +resources: + - helmrelease.yaml diff --git a/apps/auth-flow/yc-k8s-test/kustomization.yaml b/apps/auth-flow/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/auth-flow/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/auth-flow/yc-k8s-test/replicas.yaml b/apps/auth-flow/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..075b22d --- /dev/null +++ b/apps/auth-flow/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: reviews +spec: + replicas: 1 diff --git a/apps/iam/brusnika-prod/backend.yaml b/apps/iam/brusnika-prod/backend.yaml new file mode 100644 index 0000000..1cdc25c --- /dev/null +++ b/apps/iam/brusnika-prod/backend.yaml @@ -0,0 +1,190 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: iam-backend + namespace: iam + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + backend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/iams:production_786e19c3 + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: iam-backend + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 8080 + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: iam-backend + + type: + _default: ClusterIP + + port: + _default: 8000 + + targetPort: + _default: 8080 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + + envs: + - name: ENVIRONMENT + value: + _default: "prod" + + - name: LOG_LEVEL + value: + _default: "debug" + + - name: HTTP_PORT + value: + _default: "8080" + + - name: HTTP_READ_BUFFER_SIZE + value: + _default: "131072" + + - name: DB_MIGRATIONS_PATH + value: + _default: "migrations" + + - name: S3_ENABLED + value: + _default: "true" + + - name: S3_ENDPOINT_URL + value: + _default: "http://minio-svc.minio.svc.cluster.local:9000" + + - name: S3_BUCKET_NAME + value: + _default: "sarex-media-storage" + + - name: S3_REGION + value: + _default: "ru-central1" + + - name: S3_PRESIGN_EXPIRES + value: + _default: "1h" + + - name: KAFKA_ENABLED + value: + _default: "false" + + - name: KAFKA_SECURITY_PROTOCOL + value: + _default: "SASL_SSL" + + - name: KAFKA_SASL_MECHANISM + value: + _default: "SCRAM-SHA-512" + + - name: KAFKA_BROKERS + value: + _default: "local:9091" + + - name: KAFKA_SSL_CAFILE + value: + _default: "/etc/ca-certificates/Yandex/ca-cert" + + - name: KAFKA_TOPIC_RESOURCES + value: + _default: "resources" + + - name: KAFKA_TOPIC_RESOURCE_PERMISSIONS + value: + _default: "resource_permissions" + + - name: KAFKA_TOPIC_COMPANY_RESOURCE_PERMISSIONS + value: + _default: "company_resource_permissions" + secretEnvs: + - name: DB_DSN + secretName: + _default: "iams-secret" + secretKey: "db-dsn" + + - name: KAFKA_SASL_PLAIN_USERNAME + secretName: + _default: "iams-secret" + secretKey: "kafka-sasl-plain-username" + + - name: KAFKA_SASL_PLAIN_PASSWORD + secretName: + _default: "iams-secret" + secretKey: "kafka-sasl-plain-password" + + - name: S3_ACCESS_KEY_ID + secretName: + _default: "yc-s3-secret" + secretKey: "key_id" + + - name: S3_SECRET_ACCESS_KEY + secretName: + _default: "yc-s3-secret" + secretKey: "access_key" + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file diff --git a/apps/iam/brusnika-prod/kustomization.yaml b/apps/iam/brusnika-prod/kustomization.yaml new file mode 100644 index 0000000..bb1ca56 --- /dev/null +++ b/apps/iam/brusnika-prod/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: iam +resources: + - backend.yaml \ No newline at end of file diff --git a/apps/iam/brusnika-stage/backend.yaml b/apps/iam/brusnika-stage/backend.yaml new file mode 100644 index 0000000..1cdc25c --- /dev/null +++ b/apps/iam/brusnika-stage/backend.yaml @@ -0,0 +1,190 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: iam-backend + namespace: iam + +spec: + interval: 10m + + chart: + spec: + chart: universal-chart + version: "0.1.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + + install: + remediation: + retries: 3 + + upgrade: + remediation: + retries: 3 + + values: + global: + env: _default + + services: + backend: + enabled: true + + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/iams:production_786e19c3 + pullPolicy: + _default: IfNotPresent + + deployment: + enabled: true + + name: + _default: iam-backend + + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + + port: + _default: 8080 + + probes: + liveness: + enabled: false + readiness: + enabled: false + + service: + enabled: true + + name: + _default: iam-backend + + type: + _default: ClusterIP + + port: + _default: 8000 + + targetPort: + _default: 8080 + + portName: + _default: http + + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + + envs: + - name: ENVIRONMENT + value: + _default: "prod" + + - name: LOG_LEVEL + value: + _default: "debug" + + - name: HTTP_PORT + value: + _default: "8080" + + - name: HTTP_READ_BUFFER_SIZE + value: + _default: "131072" + + - name: DB_MIGRATIONS_PATH + value: + _default: "migrations" + + - name: S3_ENABLED + value: + _default: "true" + + - name: S3_ENDPOINT_URL + value: + _default: "http://minio-svc.minio.svc.cluster.local:9000" + + - name: S3_BUCKET_NAME + value: + _default: "sarex-media-storage" + + - name: S3_REGION + value: + _default: "ru-central1" + + - name: S3_PRESIGN_EXPIRES + value: + _default: "1h" + + - name: KAFKA_ENABLED + value: + _default: "false" + + - name: KAFKA_SECURITY_PROTOCOL + value: + _default: "SASL_SSL" + + - name: KAFKA_SASL_MECHANISM + value: + _default: "SCRAM-SHA-512" + + - name: KAFKA_BROKERS + value: + _default: "local:9091" + + - name: KAFKA_SSL_CAFILE + value: + _default: "/etc/ca-certificates/Yandex/ca-cert" + + - name: KAFKA_TOPIC_RESOURCES + value: + _default: "resources" + + - name: KAFKA_TOPIC_RESOURCE_PERMISSIONS + value: + _default: "resource_permissions" + + - name: KAFKA_TOPIC_COMPANY_RESOURCE_PERMISSIONS + value: + _default: "company_resource_permissions" + secretEnvs: + - name: DB_DSN + secretName: + _default: "iams-secret" + secretKey: "db-dsn" + + - name: KAFKA_SASL_PLAIN_USERNAME + secretName: + _default: "iams-secret" + secretKey: "kafka-sasl-plain-username" + + - name: KAFKA_SASL_PLAIN_PASSWORD + secretName: + _default: "iams-secret" + secretKey: "kafka-sasl-plain-password" + + - name: S3_ACCESS_KEY_ID + secretName: + _default: "yc-s3-secret" + secretKey: "key_id" + + - name: S3_SECRET_ACCESS_KEY + secretName: + _default: "yc-s3-secret" + secretKey: "access_key" + + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: "" \ No newline at end of file diff --git a/apps/iam/brusnika-stage/kustomization.yaml b/apps/iam/brusnika-stage/kustomization.yaml new file mode 100644 index 0000000..bb1ca56 --- /dev/null +++ b/apps/iam/brusnika-stage/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: iam +resources: + - backend.yaml \ No newline at end of file diff --git a/apps/iam/yc-k8s-test/kustomization.yaml b/apps/iam/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/iam/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/iam/yc-k8s-test/replicas.yaml b/apps/iam/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..07363e3 --- /dev/null +++ b/apps/iam/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: iam + namespace: iam +spec: + replicas: 1 diff --git a/clusters/brusnika-stage/kustomization.yaml b/clusters/brusnika-stage/kustomization.yaml index c05d1ef..b7d84b5 100644 --- a/clusters/brusnika-stage/kustomization.yaml +++ b/clusters/brusnika-stage/kustomization.yaml @@ -32,4 +32,6 @@ resources: - ../../apps/notes/brusnika-stage - ../../apps/message-hub/brusnika-stage - ../../apps/drawings/brusnika-stage - - ../../apps/ams-sync/brusnika-stage \ No newline at end of file + - ../../apps/ams-sync/brusnika-stage + - ../../apps/iam/brusnika-stage + - ../../apps/auth-flow/brusnika-stage \ No newline at end of file