sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add infra Argo and PostgreSQL contour releases

Browse Source
This commit is contained in:
Kochetkov S 2026-06-11 11:14:13 +03:00
parent 7ed0c6ef0c
commit f3bdf28bd8
13 changed files with 273 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
clusters/yc-infra-prod/infrastructure/kustomization.yaml
View File

@ -1,10 +1,34 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../infrastructure/argo-workflows
- ../../../infrastructure/argo-events
- ../../../infrastructure/postgresql
- ../../../infrastructure/vault-unseal - ../../../infrastructure/vault-unseal
- ../../../infrastructure/vault - ../../../infrastructure/vault
- ../../../infrastructure/yc-pg-dumper - ../../../infrastructure/yc-pg-dumper
patches: patches:
- path: ./patches/argo-workflows.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: argo-workflows
namespace: argo
- path: ./patches/argo-events.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: argo-events
namespace: argo
- path: ./patches/postgresql.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: postgresql
namespace: postgresql
- path: ./patches/vault-unseal.yaml - path: ./patches/vault-unseal.yaml
target: target:
group: helm.toolkit.fluxcd.io group: helm.toolkit.fluxcd.io

41
clusters/yc-infra-prod/infrastructure/patches/argo-events.yaml Normal file
View File

@ -0,0 +1,41 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: argo-events
namespace: argo
spec:
values:
global:
podAnnotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: "auth/kubernetes"
vault.hashicorp.com/role: "argo-events"
vault.hashicorp.com/agent-inject-secret-argo-events-secret: "secrets/data/yc-infra-prod/infra/argo_events/argo_events_secret"
controller:
podAnnotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: "auth/kubernetes"
vault.hashicorp.com/role: "argo-events"
vault.hashicorp.com/agent-inject-secret-argo-events-secret: "secrets/data/yc-infra-prod/infra/argo_events/argo_events_secret"
nodeSelector:
dedicated: sts
tolerations:
- key: dedicated
operator: Equal
value: sts
effect: NoSchedule
resources:
requests:
cpu: 250m
memory: 512Mi
extraObjects:
- apiVersion: argoproj.io/v1alpha1
kind: EventBus
metadata:
name: default
spec:
jetstream:
version: "2.10.10"
replicas: 3

49
clusters/yc-infra-prod/infrastructure/patches/argo-workflows.yaml Normal file
View File

@ -0,0 +1,49 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: argo-workflows
namespace: argo
spec:
values:
controller:
workflowNamespaces:
- argo
podAnnotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: "auth/kubernetes"
vault.hashicorp.com/role: "argo-workflows"
vault.hashicorp.com/agent-inject-secret-argo-workflows-secret: "secrets/data/yc-infra-prod/infra/argo_workflows/argo_workflows_secret"
nodeSelector:
kubernetes.io/os: linux
dedicated: sts
tolerations:
- key: dedicated
operator: Equal
value: sts
effect: NoSchedule
resources:
requests:
cpu: 250m
memory: 512Mi
server:
authModes:
- server
podAnnotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: "auth/kubernetes"
vault.hashicorp.com/role: "argo-workflows"
vault.hashicorp.com/agent-inject-secret-argo-workflows-secret: "secrets/data/yc-infra-prod/infra/argo_workflows/argo_workflows_secret"
nodeSelector:
kubernetes.io/os: linux
dedicated: sts
tolerations:
- key: dedicated
operator: Equal
value: sts
effect: NoSchedule
resources:
requests:
cpu: 250m
memory: 512Mi

82
clusters/yc-infra-prod/infrastructure/patches/postgresql.yaml Normal file
View File

@ -0,0 +1,82 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: postgresql
spec:
chart:
spec:
version: "13.0.8"
values:
global:
security:
allowInsecureImages: true
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: "13.0.8"
pullPolicy: IfNotPresent
postgresqlSharedPreloadLibraries: "timescaledb,pg_stat_statements"
primary:
extendedConfiguration: |-
fsync = off
full_page_writes = off
synchronous_commit = off
shared_buffers = 8GB
effective_cache_size = 18GB
work_mem = 256MB
maintenance_work_mem = 2GB
temp_buffers = 256MB
max_wal_size = 32GB
checkpoint_timeout = 1h
checkpoint_completion_target = 0.9
wal_level = minimal
max_wal_senders = 0
archive_mode = off
random_page_cost = 1.1
resources:
requests:
cpu: "6"
memory: 25Gi
limits:
cpu: "6"
memory: 25Gi
nodeSelector:
dedicated: sts
tolerations:
- key: dedicated
operator: Equal
value: sts
effect: NoSchedule
persistence:
storageClass: database-storage
size: 500Gi
contour:
enabled: true
vault:
enabled: true
role: postgresql-contour
authPath: auth/kubernetes
secretPath: secrets/data/yc-infra-prod/infra/postgresql_contour/postgresql_contour_secret
secretKey: postgres-password
usersSecretPath: secrets/data/yc-infra-prod/infra/postgresql_contour/postgresql_users_secret
sharedPreloadLibraries: "timescaledb,pg_stat_statements"
"s3-proxy":
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
databases:
- name: sanitizer
user: sanitizer
passwordKey: sanitizer
extensions:
- ltree
- pg_stat_statements
- postgis
- timescaledb
- uuid-ossp
- pg_trgm
- btree_gin
- btree_gist
- hstore
- pg_partman
- vector
restoreFromDump: false

26
infrastructure/argo-events/base/helmrelease.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: argo-events
namespace: argo
spec:
interval: 10m
dependsOn:
- name: argo-workflows
namespace: argo
chart:
spec:
chart: argo-events-infra
version: "2.4.15"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
createNamespace: true
remediation:
retries: 3
upgrade:
remediation:
retries: 3

5
infrastructure/argo-events/base/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argo
resources:
- helmrelease.yaml

4
infrastructure/argo-events/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- base

23
infrastructure/argo-workflows/base/helmrelease.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: argo-workflows
namespace: argo
spec:
interval: 10m
chart:
spec:
chart: argo-workflows-infra
version: "0.45.12"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
createNamespace: true
remediation:
retries: 3
upgrade:
remediation:
retries: 3

6
infrastructure/argo-workflows/base/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argo
resources:
- namespace.yaml
- helmrelease.yaml

4
infrastructure/argo-workflows/base/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: argo

4
infrastructure/argo-workflows/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- base

1
infrastructure/postgresql/base/kustomization.yaml
View File

@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: postgresql namespace: postgresql
resources: resources:
- namespace.yaml
- helmrelease.yaml - helmrelease.yaml

4
infrastructure/postgresql/base/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: postgresql