190 lines
4.0 KiB
YAML
190 lines
4.0 KiB
YAML
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: iam-backend
|
|
namespace: iam
|
|
|
|
spec:
|
|
interval: 10m
|
|
|
|
chart:
|
|
spec:
|
|
chart: universal-chart
|
|
version: "0.1.7"
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: yc-oci-charts
|
|
namespace: flux-system
|
|
interval: 10m
|
|
|
|
install:
|
|
remediation:
|
|
retries: 3
|
|
|
|
upgrade:
|
|
remediation:
|
|
retries: 3
|
|
|
|
values:
|
|
global:
|
|
env: _default
|
|
|
|
services:
|
|
backend:
|
|
enabled: true
|
|
|
|
image:
|
|
name:
|
|
_default: cr.yandex/crp3ccidau046kdj8g9q/iams:production_786e19c3
|
|
pullPolicy:
|
|
_default: IfNotPresent
|
|
|
|
deployment:
|
|
enabled: true
|
|
|
|
name:
|
|
_default: iam-backend
|
|
|
|
replicaCount:
|
|
_default: 1
|
|
stage: 1
|
|
preprod: 3
|
|
production: 3
|
|
|
|
port:
|
|
_default: 8080
|
|
|
|
probes:
|
|
liveness:
|
|
enabled: false
|
|
readiness:
|
|
enabled: false
|
|
|
|
service:
|
|
enabled: true
|
|
|
|
name:
|
|
_default: iam-backend
|
|
|
|
type:
|
|
_default: ClusterIP
|
|
|
|
port:
|
|
_default: 8000
|
|
|
|
targetPort:
|
|
_default: 8080
|
|
|
|
portName:
|
|
_default: http
|
|
|
|
imagePullSecrets:
|
|
enabled:
|
|
_default: true
|
|
name:
|
|
_default: regcred
|
|
labels:
|
|
monitoring: prometheus
|
|
|
|
envs:
|
|
- name: ENVIRONMENT
|
|
value:
|
|
_default: "prod"
|
|
|
|
- name: LOG_LEVEL
|
|
value:
|
|
_default: "debug"
|
|
|
|
- name: HTTP_PORT
|
|
value:
|
|
_default: "8080"
|
|
|
|
- name: HTTP_READ_BUFFER_SIZE
|
|
value:
|
|
_default: "131072"
|
|
|
|
- name: DB_MIGRATIONS_PATH
|
|
value:
|
|
_default: "migrations"
|
|
|
|
- name: S3_ENABLED
|
|
value:
|
|
_default: "true"
|
|
|
|
- name: S3_ENDPOINT_URL
|
|
value:
|
|
_default: "http://minio-svc.minio.svc.cluster.local:9000"
|
|
|
|
- name: S3_BUCKET_NAME
|
|
value:
|
|
_default: "sarex-media-storage"
|
|
|
|
- name: S3_REGION
|
|
value:
|
|
_default: "ru-central1"
|
|
|
|
- name: S3_PRESIGN_EXPIRES
|
|
value:
|
|
_default: "1h"
|
|
|
|
- name: KAFKA_ENABLED
|
|
value:
|
|
_default: "false"
|
|
|
|
- name: KAFKA_SECURITY_PROTOCOL
|
|
value:
|
|
_default: "SASL_SSL"
|
|
|
|
- name: KAFKA_SASL_MECHANISM
|
|
value:
|
|
_default: "SCRAM-SHA-512"
|
|
|
|
- name: KAFKA_BROKERS
|
|
value:
|
|
_default: "local:9091"
|
|
|
|
- name: KAFKA_SSL_CAFILE
|
|
value:
|
|
_default: "/etc/ca-certificates/Yandex/ca-cert"
|
|
|
|
- name: KAFKA_TOPIC_RESOURCES
|
|
value:
|
|
_default: "resources"
|
|
|
|
- name: KAFKA_TOPIC_RESOURCE_PERMISSIONS
|
|
value:
|
|
_default: "resource_permissions"
|
|
|
|
- name: KAFKA_TOPIC_COMPANY_RESOURCE_PERMISSIONS
|
|
value:
|
|
_default: "company_resource_permissions"
|
|
secretEnvs:
|
|
- name: DB_DSN
|
|
secretName:
|
|
_default: "iams-secret"
|
|
secretKey: "db-dsn"
|
|
|
|
- name: KAFKA_SASL_PLAIN_USERNAME
|
|
secretName:
|
|
_default: "iams-secret"
|
|
secretKey: "kafka-sasl-plain-username"
|
|
|
|
- name: KAFKA_SASL_PLAIN_PASSWORD
|
|
secretName:
|
|
_default: "iams-secret"
|
|
secretKey: "kafka-sasl-plain-password"
|
|
|
|
- name: S3_ACCESS_KEY_ID
|
|
secretName:
|
|
_default: "yc-s3-secret"
|
|
secretKey: "key_id"
|
|
|
|
- name: S3_SECRET_ACCESS_KEY
|
|
secretName:
|
|
_default: "yc-s3-secret"
|
|
secretKey: "access_key"
|
|
|
|
commitSha: ""
|
|
gitlabUri: ""
|
|
gitlabJobUrl: ""
|
|
owner: "" |