sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

++

Browse Source
This commit is contained in:
ivan 2026-06-11 15:19:29 +05:00
parent 95d82a70b4
commit ef69ec43a5
17 changed files with 690 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
apps/auth-flow/base/deployment.yaml Normal file
View File

@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: auth-flow
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
version: stable
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/auth-flow-frontend:production_48bec2ff
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 25m
memory: 100Mi
imagePullSecrets:
- name: regcred

8
apps/auth-flow/base/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: auth-flow
resources:
- namespace.yaml
- deployment.yaml
- service.yaml

7
apps/auth-flow/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: auth-flow
labels:
istio-injection: enabled

15
apps/auth-flow/base/service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: reviews
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

92
apps/auth-flow/brusnika-prod/helmrelease.yaml Normal file
View File

@ -0,0 +1,92 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: frontend
namespace: auth-flow
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/auth-flow-frontend:production_48bec2ff
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/auth-flow/brusnika-prod/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: auth-flow
resources:
- helmrelease.yaml

92
apps/auth-flow/brusnika-stage/helmrelease.yaml Normal file
View File

@ -0,0 +1,92 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: frontend
namespace: auth-flow
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/auth-flow-frontend:production_48bec2ff
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: frontend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: frontend-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/auth-flow/brusnika-stage/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: auth-flow
resources:
- helmrelease.yaml

10
apps/auth-flow/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend

8
apps/auth-flow/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: reviews
spec:
replicas: 1

190
apps/iam/brusnika-prod/backend.yaml Normal file
View File

@ -0,0 +1,190 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: iam-backend
namespace: iam
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/iams:production_786e19c3
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: iam-backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: iam-backend
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: ENVIRONMENT
value:
_default: "prod"
- name: LOG_LEVEL
value:
_default: "debug"
- name: HTTP_PORT
value:
_default: "8080"
- name: HTTP_READ_BUFFER_SIZE
value:
_default: "131072"
- name: DB_MIGRATIONS_PATH
value:
_default: "migrations"
- name: S3_ENABLED
value:
_default: "true"
- name: S3_ENDPOINT_URL
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: S3_BUCKET_NAME
value:
_default: "sarex-media-storage"
- name: S3_REGION
value:
_default: "ru-central1"
- name: S3_PRESIGN_EXPIRES
value:
_default: "1h"
- name: KAFKA_ENABLED
value:
_default: "false"
- name: KAFKA_SECURITY_PROTOCOL
value:
_default: "SASL_SSL"
- name: KAFKA_SASL_MECHANISM
value:
_default: "SCRAM-SHA-512"
- name: KAFKA_BROKERS
value:
_default: "local:9091"
- name: KAFKA_SSL_CAFILE
value:
_default: "/etc/ca-certificates/Yandex/ca-cert"
- name: KAFKA_TOPIC_RESOURCES
value:
_default: "resources"
- name: KAFKA_TOPIC_RESOURCE_PERMISSIONS
value:
_default: "resource_permissions"
- name: KAFKA_TOPIC_COMPANY_RESOURCE_PERMISSIONS
value:
_default: "company_resource_permissions"
secretEnvs:
- name: DB_DSN
secretName:
_default: "iams-secret"
secretKey: "db-dsn"
- name: KAFKA_SASL_PLAIN_USERNAME
secretName:
_default: "iams-secret"
secretKey: "kafka-sasl-plain-username"
- name: KAFKA_SASL_PLAIN_PASSWORD
secretName:
_default: "iams-secret"
secretKey: "kafka-sasl-plain-password"
- name: S3_ACCESS_KEY_ID
secretName:
_default: "yc-s3-secret"
secretKey: "key_id"
- name: S3_SECRET_ACCESS_KEY
secretName:
_default: "yc-s3-secret"
secretKey: "access_key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/iam/brusnika-prod/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: iam
resources:
- backend.yaml

190
apps/iam/brusnika-stage/backend.yaml Normal file
View File

@ -0,0 +1,190 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: iam-backend
namespace: iam
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/iams:production_786e19c3
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: iam-backend
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8080
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: iam-backend
type:
_default: ClusterIP
port:
_default: 8000
targetPort:
_default: 8080
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: ENVIRONMENT
value:
_default: "prod"
- name: LOG_LEVEL
value:
_default: "debug"
- name: HTTP_PORT
value:
_default: "8080"
- name: HTTP_READ_BUFFER_SIZE
value:
_default: "131072"
- name: DB_MIGRATIONS_PATH
value:
_default: "migrations"
- name: S3_ENABLED
value:
_default: "true"
- name: S3_ENDPOINT_URL
value:
_default: "http://minio-svc.minio.svc.cluster.local:9000"
- name: S3_BUCKET_NAME
value:
_default: "sarex-media-storage"
- name: S3_REGION
value:
_default: "ru-central1"
- name: S3_PRESIGN_EXPIRES
value:
_default: "1h"
- name: KAFKA_ENABLED
value:
_default: "false"
- name: KAFKA_SECURITY_PROTOCOL
value:
_default: "SASL_SSL"
- name: KAFKA_SASL_MECHANISM
value:
_default: "SCRAM-SHA-512"
- name: KAFKA_BROKERS
value:
_default: "local:9091"
- name: KAFKA_SSL_CAFILE
value:
_default: "/etc/ca-certificates/Yandex/ca-cert"
- name: KAFKA_TOPIC_RESOURCES
value:
_default: "resources"
- name: KAFKA_TOPIC_RESOURCE_PERMISSIONS
value:
_default: "resource_permissions"
- name: KAFKA_TOPIC_COMPANY_RESOURCE_PERMISSIONS
value:
_default: "company_resource_permissions"
secretEnvs:
- name: DB_DSN
secretName:
_default: "iams-secret"
secretKey: "db-dsn"
- name: KAFKA_SASL_PLAIN_USERNAME
secretName:
_default: "iams-secret"
secretKey: "kafka-sasl-plain-username"
- name: KAFKA_SASL_PLAIN_PASSWORD
secretName:
_default: "iams-secret"
secretKey: "kafka-sasl-plain-password"
- name: S3_ACCESS_KEY_ID
secretName:
_default: "yc-s3-secret"
secretKey: "key_id"
- name: S3_SECRET_ACCESS_KEY
secretName:
_default: "yc-s3-secret"
secretKey: "access_key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

6
apps/iam/brusnika-stage/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: iam
resources:
- backend.yaml

10
apps/iam/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend

8
apps/iam/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: iam
namespace: iam
spec:
replicas: 1

4
clusters/brusnika-stage/kustomization.yaml
View File

@ -32,4 +32,6 @@ resources:
- ../../apps/notes/brusnika-stage
- ../../apps/message-hub/brusnika-stage
- ../../apps/drawings/brusnika-stage
- ../../apps/ams-sync/brusnika-stage
- ../../apps/ams-sync/brusnika-stage
- ../../apps/iam/brusnika-stage
- ../../apps/auth-flow/brusnika-stage