From 42ad7e986b18702d744f37f720549f2f8d5555cc Mon Sep 17 00:00:00 2001 From: emelinda Date: Wed, 15 Apr 2026 16:25:34 +0300 Subject: [PATCH 1/5] Add RFI app with backend, frontend, Celery deployments, services, namespace, and PostgreSQL configuration in yc-k8s-test --- apps/rfi/base/backend-deployment.yaml | 123 ++++++++++++++++++++++ apps/rfi/base/backend-service.yaml | 15 +++ apps/rfi/base/celery-deployment.yaml | 133 ++++++++++++++++++++++++ apps/rfi/base/frontend-deployment.yaml | 32 ++++++ apps/rfi/base/frontend-service.yaml | 15 +++ apps/rfi/base/kustomization.yaml | 11 ++ apps/rfi/base/namespace.yaml | 7 ++ apps/rfi/yc-k8s-test/kustomization.yaml | 7 ++ apps/rfi/yc-k8s-test/postgresql.yaml | 110 ++++++++++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 10 files changed, 455 insertions(+), 1 deletion(-) create mode 100644 apps/rfi/base/backend-deployment.yaml create mode 100644 apps/rfi/base/backend-service.yaml create mode 100644 apps/rfi/base/celery-deployment.yaml create mode 100644 apps/rfi/base/frontend-deployment.yaml create mode 100644 apps/rfi/base/frontend-service.yaml create mode 100644 apps/rfi/base/kustomization.yaml create mode 100644 apps/rfi/base/namespace.yaml create mode 100644 apps/rfi/yc-k8s-test/kustomization.yaml create mode 100644 apps/rfi/yc-k8s-test/postgresql.yaml diff --git a/apps/rfi/base/backend-deployment.yaml b/apps/rfi/base/backend-deployment.yaml new file mode 100644 index 0000000..ab989dd --- /dev/null +++ b/apps/rfi/base/backend-deployment.yaml @@ -0,0 +1,123 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rfi-backend-api + namespace: rfi + labels: + app: rfi-backend-api + service: api +spec: + replicas: 1 + selector: + matchLabels: + app: rfi-backend-api + template: + metadata: + labels: + app: rfi-backend-api + service: api + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/rfi-backend:production_d1e2e80d + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: JWT_AUTH_ENABLE + value: "True" + - name: NOTIFICATIONS_ENABLE + value: "false" + - name: NOTIFICATIONS_EMAIL_FROM + value: hello@sarex.io + - name: NOTIFICATIONS_SERVICE_URL + value: https://srx.wb.ru/rfi + - name: SAREX_BACKEND_URL + value: http://backend.django.svc.cluster.local:8000 + - name: EAV_URL + value: http://eav-service.eav.svc.cluster.local:8000 + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_HOST + value: rabbitmq.rabbitmq.svc.cluster.local + - name: DJANGO_SECRET_KEY + valueFrom: + secretKeyRef: + name: django-secret + key: django_secret_key + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_USER + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: SAREX_BACKEND_AUTH + valueFrom: + secretKeyRef: + name: django-secret + key: token + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: s3-secret + key: key_id + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: s3-secret + key: access_key + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + name: s3-secret + key: storage_bucket_name + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + name: s3-secret + key: endpoint_url + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbitmq-secret + key: vhost + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: rabbitmq-secret + key: username + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbitmq-secret + key: password + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: dockerhub diff --git a/apps/rfi/base/backend-service.yaml b/apps/rfi/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/rfi/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/rfi/base/celery-deployment.yaml b/apps/rfi/base/celery-deployment.yaml new file mode 100644 index 0000000..a91737a --- /dev/null +++ b/apps/rfi/base/celery-deployment.yaml @@ -0,0 +1,133 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: rfi + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/rfi-backend:dev4 + imagePullPolicy: IfNotPresent + command: + - uv + args: + - run + - celery + - -A + - config + - worker + - -l + - info + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: JWT_AUTH_ENABLE + value: "True" + - name: NOTIFICATIONS_ENABLE + value: "false" + - name: NOTIFICATIONS_EMAIL_FROM + value: hello@sarex.io + - name: NOTIFICATIONS_SERVICE_URL + value: https://lk.srx.wb.ru:30443/rfi + - name: SAREX_BACKEND_URL + value: http://backend.django.svc.cluster.local:8000 + - name: EAV_URL + value: http://eav-service.eav.svc.cluster.local:8000 + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_HOST + value: rabbitmq.rabbitmq.svc.cluster.local + - name: DJANGO_SECRET_KEY + valueFrom: + secretKeyRef: + name: django-secret + key: django_secret_key + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_USER + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: SAREX_BACKEND_AUTH + valueFrom: + secretKeyRef: + name: django-secret + key: token + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: s3-secret + key: key_id + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: s3-secret + key: access_key + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + name: s3-secret + key: storage_bucket_name + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + name: s3-secret + key: endpoint_url + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbitmq-secret + key: vhost + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: rabbitmq-secret + key: username + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbitmq-secret + key: password + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: dockerhub diff --git a/apps/rfi/base/frontend-deployment.yaml b/apps/rfi/base/frontend-deployment.yaml new file mode 100644 index 0000000..f5ad2b4 --- /dev/null +++ b/apps/rfi/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rfi-frontend + namespace: rfi + labels: + app: rfi-frontend +spec: + replicas: 1 + selector: + matchLabels: + app: rfi-frontend + template: + metadata: + labels: + app: rfi-frontend + spec: + containers: + - name: rfi-frontend + image: cr.yandex/crp3ccidau046kdj8g9q/rfi-frontend:production_b827756f_wb + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: dockerhub diff --git a/apps/rfi/base/frontend-service.yaml b/apps/rfi/base/frontend-service.yaml new file mode 100644 index 0000000..13a0f64 --- /dev/null +++ b/apps/rfi/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-frontend-service + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/rfi/base/kustomization.yaml b/apps/rfi/base/kustomization.yaml new file mode 100644 index 0000000..a6f4744 --- /dev/null +++ b/apps/rfi/base/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: rfi +resources: + - namespace.yaml +# - backend-deployment.yaml +# - celery-deployment.yaml +# - frontend-deployment.yaml +# - backend-service.yaml +# - frontend-service.yaml diff --git a/apps/rfi/base/namespace.yaml b/apps/rfi/base/namespace.yaml new file mode 100644 index 0000000..b9c1047 --- /dev/null +++ b/apps/rfi/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: rfi + labels: + istio-injection: enabled diff --git a/apps/rfi/yc-k8s-test/kustomization.yaml b/apps/rfi/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/rfi/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/rfi/yc-k8s-test/postgresql.yaml b/apps/rfi/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..6e52a7b --- /dev/null +++ b/apps/rfi/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: rfi +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: rfi_db + user: rfi + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 109318e..571fde1 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -15,4 +15,5 @@ resources: - ../../apps/measurements/yc-k8s-test - ../../apps/drawings/yc-k8s-test - ../../apps/comparisons/yc-k8s-test - - ../../apps/contracts/yc-k8s-test \ No newline at end of file + - ../../apps/contracts/yc-k8s-test + - ../../apps/rfi/yc-k8s-test \ No newline at end of file From 25bfa1b542316b8ca72bf046806ae4f0753eb3de Mon Sep 17 00:00:00 2001 From: emelinda Date: Wed, 15 Apr 2026 16:25:57 +0300 Subject: [PATCH 2/5] Comment out PostgreSQL resource in yc-k8s-test kustomization file --- apps/rfi/yc-k8s-test/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/rfi/yc-k8s-test/kustomization.yaml b/apps/rfi/yc-k8s-test/kustomization.yaml index e601931..5ee3750 100644 --- a/apps/rfi/yc-k8s-test/kustomization.yaml +++ b/apps/rfi/yc-k8s-test/kustomization.yaml @@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base - - postgresql.yaml +# - postgresql.yaml patches: [] From 6426c53b86798ced25ba1b23d1162c10d9365a63 Mon Sep 17 00:00:00 2001 From: emelinda Date: Wed, 15 Apr 2026 16:29:02 +0300 Subject: [PATCH 3/5] Update imagePullSecrets and uncomment frontend resources in RFI kustomization --- apps/rfi/base/backend-deployment.yaml | 2 +- apps/rfi/base/celery-deployment.yaml | 2 +- apps/rfi/base/frontend-deployment.yaml | 2 +- apps/rfi/base/kustomization.yaml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/rfi/base/backend-deployment.yaml b/apps/rfi/base/backend-deployment.yaml index ab989dd..30a3272 100644 --- a/apps/rfi/base/backend-deployment.yaml +++ b/apps/rfi/base/backend-deployment.yaml @@ -120,4 +120,4 @@ spec: cpu: "1" memory: 1Gi imagePullSecrets: - - name: dockerhub + - name: regcred diff --git a/apps/rfi/base/celery-deployment.yaml b/apps/rfi/base/celery-deployment.yaml index a91737a..ed4b602 100644 --- a/apps/rfi/base/celery-deployment.yaml +++ b/apps/rfi/base/celery-deployment.yaml @@ -130,4 +130,4 @@ spec: cpu: "1" memory: 1Gi imagePullSecrets: - - name: dockerhub + - name: regcred diff --git a/apps/rfi/base/frontend-deployment.yaml b/apps/rfi/base/frontend-deployment.yaml index f5ad2b4..3521072 100644 --- a/apps/rfi/base/frontend-deployment.yaml +++ b/apps/rfi/base/frontend-deployment.yaml @@ -29,4 +29,4 @@ spec: cpu: 100m memory: 100Mi imagePullSecrets: - - name: dockerhub + - name: regcred diff --git a/apps/rfi/base/kustomization.yaml b/apps/rfi/base/kustomization.yaml index a6f4744..8eec8ae 100644 --- a/apps/rfi/base/kustomization.yaml +++ b/apps/rfi/base/kustomization.yaml @@ -6,6 +6,6 @@ resources: - namespace.yaml # - backend-deployment.yaml # - celery-deployment.yaml -# - frontend-deployment.yaml + - frontend-deployment.yaml # - backend-service.yaml -# - frontend-service.yaml + - frontend-service.yaml From fbeaaa6264286d27cdf7f3ebf3e3c34811656632 Mon Sep 17 00:00:00 2001 From: emelinda Date: Wed, 15 Apr 2026 16:30:27 +0300 Subject: [PATCH 4/5] Rename `rfi-frontend` resources to `frontend` in deployment and service configurations --- apps/rfi/base/frontend-deployment.yaml | 10 +++++----- apps/rfi/base/frontend-service.yaml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/rfi/base/frontend-deployment.yaml b/apps/rfi/base/frontend-deployment.yaml index 3521072..332c8f3 100644 --- a/apps/rfi/base/frontend-deployment.yaml +++ b/apps/rfi/base/frontend-deployment.yaml @@ -2,22 +2,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: rfi-frontend + name: frontend namespace: rfi labels: - app: rfi-frontend + app: frontend spec: replicas: 1 selector: matchLabels: - app: rfi-frontend + app: frontend template: metadata: labels: - app: rfi-frontend + app: frontend spec: containers: - - name: rfi-frontend + - name: frontend image: cr.yandex/crp3ccidau046kdj8g9q/rfi-frontend:production_b827756f_wb imagePullPolicy: IfNotPresent ports: diff --git a/apps/rfi/base/frontend-service.yaml b/apps/rfi/base/frontend-service.yaml index 13a0f64..d269afb 100644 --- a/apps/rfi/base/frontend-service.yaml +++ b/apps/rfi/base/frontend-service.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: Service metadata: - name: rfi-frontend-service + name: frontend-service namespace: rfi spec: type: ClusterIP selector: - app: rfi-frontend + app: frontend ports: - name: http port: 80 From eb09fc14e6b330dedd26103c6cdab227c3fca693 Mon Sep 17 00:00:00 2001 From: emelinda Date: Wed, 15 Apr 2026 16:37:43 +0300 Subject: [PATCH 5/5] Uncomment PostgreSQL and backend resources in RFI kustomization files --- apps/rfi/base/kustomization.yaml | 4 ++-- apps/rfi/yc-k8s-test/kustomization.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/rfi/base/kustomization.yaml b/apps/rfi/base/kustomization.yaml index 8eec8ae..1b214bf 100644 --- a/apps/rfi/base/kustomization.yaml +++ b/apps/rfi/base/kustomization.yaml @@ -4,8 +4,8 @@ kind: Kustomization namespace: rfi resources: - namespace.yaml -# - backend-deployment.yaml + - backend-deployment.yaml # - celery-deployment.yaml - frontend-deployment.yaml -# - backend-service.yaml + - backend-service.yaml - frontend-service.yaml diff --git a/apps/rfi/yc-k8s-test/kustomization.yaml b/apps/rfi/yc-k8s-test/kustomization.yaml index 5ee3750..e601931 100644 --- a/apps/rfi/yc-k8s-test/kustomization.yaml +++ b/apps/rfi/yc-k8s-test/kustomization.yaml @@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base -# - postgresql.yaml + - postgresql.yaml patches: []