iac/apps/flows/base/backend-deployment.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: flows
  labels:
    app: backend
    service: backend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
        service: backend
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: flows
        vault.hashicorp.com/agent-inject-secret-flows-postgresql: secrets/data/postgresql/apps/flows
        vault.hashicorp.com/agent-inject-template-flows-postgresql: |-
          {{- with secret "secrets/data/postgresql/apps/flows" -}}
          PG_DB=flows_db
          PG_LOGIN={{ index .Data.data "username" }}
          PG_HOST=postgresql.flows.svc.cluster.local
          PG_PORT=5432
          PG_PASSWORD={{ index .Data.data "password" }}
          DOCUMENTATION_PG_HOST=postgresql.flows.svc.cluster.local
          DOCUMENTATION_PG_PORT=5432
          DOCUMENTATION_PG_DATABASE=flows_db
          DOCUMENTATION_PG_USERNAME={{ index .Data.data "username" }}
          DOCUMENTATION_PG_PASSWORD={{ index .Data.data "password" }}
          {{- end -}}          
        vault.hashicorp.com/agent-inject-secret-flows-rabbitmq: secrets/data/rabbitmq/apps/flows
        vault.hashicorp.com/agent-inject-template-flows-rabbitmq: |-
          {{- with secret "secrets/data/rabbitmq/apps/flows" -}}
          RABBITMQ_USERNAME={{ index .Data.data "username" }}
          RABBITMQ_PASSWORD={{ index .Data.data "password" }}
          RABBITMQ_VHOST={{ index .Data.data "vhost" }}
          RABBITMQ_HOST=rabbitmq.rabbitmq.svc.cluster.local
          RABBITMQ_PORT=5672
          ADMIN_PANEL_SECRET_KEY=rabbitmq.rabbitmq:5672
          {{- end -}}          
        vault.hashicorp.com/agent-inject-secret-flows-django-auth: secrets/data/vault/common/django_auth
        vault.hashicorp.com/agent-inject-template-flows-django-auth: |-
          {{- with secret "secrets/data/vault/common/django_auth" -}}
          DJANGO_TOKEN={{ index .Data.data "key" }}
          {{- end -}}          
        vault.hashicorp.com/agent-inject-secret-flows-jwt-public: secrets/data/vault/common/rsa_keys
        vault.hashicorp.com/agent-inject-template-flows-jwt-public: |-
          {{- with secret "secrets/data/vault/common/rsa_keys" -}}
          {{ index .Data.data "public_key" }}
          {{- end -}}          
    spec:
      serviceAccountName: flows-vault
      containers:
        - name: backend
          image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_2a439111
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-ec"]
          args:
            - |
              set -a
              [ -f /vault/secrets/flows-postgresql ] && . /vault/secrets/flows-postgresql
              [ -f /vault/secrets/flows-rabbitmq ] && . /vault/secrets/flows-rabbitmq
              [ -f /vault/secrets/flows-django-auth ] && . /vault/secrets/flows-django-auth
              [ -f /vault/secrets/flows-jwt-public ] && export JWT_PUBLIC_KEY="$(cat /vault/secrets/flows-jwt-public)"
              set +a
              exec /opt/entrypoint.sh              
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            - name: LOG_LEVEL
              value: DEBUG
            - name: BASE_HOST
              value: https://srx.wb.ru
            - name: CELERY_QUEUE
              value: flow
            - name: EAV_HOST
              value: http://backend-svc.eav.svc.cluster.local:80
            - name: DJANGO_HOST
              value: http://backend-svc.django.svc.cluster.local:80/api
            - name: PLANNING_HOST
              value: http://backend-svc.pm.svc.cluster.local:80/api/pm/msp
            - name: PLANNING_USE
              value: "True"
            - name: DOCUMENTATION_HOST
              value: http://backend-api-svc.documentations.svc.cluster.local:80/internal/v1
            - name: DOCUMENTATION_EXTERNAL_HOST
              value: http://backend-api-svc.documentations.svc.cluster.local:80/api/v1
            - name: ENABLE_ANALYTICS
              value: "1"
            - name: ENABLE_CELERY
              value: "1"
            - name: ENABLE_MAILGUN
              value: "0"
            - name: ENABLE_METRICS
              value: "0"
            - name: FROM_EMAIL
              value: sarex@rwb.ru
            - name: GATEWAY_URL
              value: http://pdm-api.documentations.svc.cluster.local:8080
            - name: RESOURCE_URL
              value: http://resources-service.resources.svc.cluster.local:8000
            - name: SERVICE_HOST
              value: https://srx.wb.ru/flows/api/v1
            - name: SMTP_HOST
              value: mail.rwb.ru
            - name: CHECKLIST_HOST
              value: http://checklists-backend-service.checklists.svc.cluster.local:80
            - name: SMTP_PORT
              value: "465"
            - name: SYNC_RESOURCE_ID
              value: "1"
            - name: TIMEOUT
              value: "120"
            - name: WORKFLOWS_HOST
              value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1
            - name: WORKFLOWS_TIMEOUT
              value: "60"
            - name: DOCUMENTATION_TIMEOUT
              value: "60"
          resources:
            requests:
              cpu: "100m"
              memory: 256Mi
      imagePullSecrets:
        - name: regcred