feat: scaffold files service

This commit is contained in:
Grendgi
2026-06-16 12:41:36 +03:00
commit cf92fda20e
25 changed files with 1665 additions and 0 deletions

12
k8s/configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: files-config
namespace: files
data:
SERVER_PORT: "3001"
PUBLIC_BASE_URL: "https://portal.estateliga.work"
MINIO_ENDPOINT: "minio.minio.svc.cluster.local:9000"
MINIO_BUCKET: "portal-files"
MINIO_USE_SSL: "false"

10
k8s/kustomization.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- configmap.yaml
- secrets.yaml
- postgres.yaml
- server-service.yaml
- server-deployment.yaml

5
k8s/namespace.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: Namespace
metadata:
name: files

55
k8s/postgres.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: files
spec:
selector:
app: files-postgres
ports:
- port: 5432
targetPort: 5432
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
namespace: files
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
app: files-postgres
template:
metadata:
labels:
app: files-postgres
spec:
containers:
- name: postgres
image: postgres:17-alpine
ports:
- containerPort: 5432
envFrom:
- secretRef:
name: postgres-secret
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi

24
k8s/secrets.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v1
kind: Secret
metadata:
name: files-secrets
namespace: files
type: Opaque
stringData:
DATABASE_URL: "postgres://files:files@postgres.files.svc.cluster.local:5432/files?sslmode=disable"
PORTAL_INTERNAL_API_KEY: "36fe89ed40c01fdc54d3cf4e3fcacc8751dc456a4a1acd394e9fed48257c5734"
INTERNAL_API_KEY: "36fe89ed40c01fdc54d3cf4e3fcacc8751dc456a4a1acd394e9fed48257c5734"
MINIO_ACCESS_KEY: "files-svc"
MINIO_SECRET_KEY: "REPLACE_AFTER_FIRST_DEPLOY"
---
apiVersion: v1
kind: Secret
metadata:
name: postgres-secret
namespace: files
type: Opaque
stringData:
POSTGRES_USER: files
POSTGRES_PASSWORD: files
POSTGRES_DB: files

View File

@@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: files-server
namespace: files
spec:
replicas: 2
selector:
matchLabels:
app: files-server
template:
metadata:
labels:
app: files-server
spec:
terminationGracePeriodSeconds: 15
securityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
fsGroup: 65532
seccompProfile:
type: RuntimeDefault
containers:
- name: files-server
image: localhost:30300/admin/files-server:latest
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 3001
envFrom:
- configMapRef:
name: files-config
- secretRef:
name: files-secrets
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
startupProbe:
httpGet:
path: /healthz
port: 3001
periodSeconds: 5
failureThreshold: 30
livenessProbe:
httpGet:
path: /healthz
port: 3001
periodSeconds: 10
readinessProbe:
httpGet:
path: /readyz
port: 3001
periodSeconds: 5
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 500m
memory: 512Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: files-server
namespace: files
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: files-server
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70

12
k8s/server-service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: files-server
namespace: files
spec:
selector:
app: files-server
ports:
- port: 80
targetPort: 3001