[DO-1628] Resize limit/requests (!28)

Co-authored-by: Denis Patrakeev <denis.patrakeev@avroid.team> Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/28 Reviewed-by: Rustam Tagaev <rustam.tagaev@avroid.team> Reviewed-by: Denis Patrakeev <denis.patrakeev@avroid.team>
2025-02-28 15:07:25 +03:00
parent d153756a7f
commit 3ecceb6e07
4 changed files with 72 additions and 18 deletions
--- a/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/ingress-certs-secret.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/ingress-certs-secret.yaml
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: avroid-tech-tls
-  namespace: tavro-cloud-test
-data:
-# base64 encoded cert see values in vault. Don't push it to git!
-  tls.crt: ""
-  tls.key: ""
-type: kubernetes.io/tls
--- a/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/README.md
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/README.md
@@ -0,0 +1,47 @@
+## Project structure
+```text
+.
+├── README.md
+├── tavro-cloud-test.yaml
+├── .rbac
+├── msg-messenger-core-api
+│   ├── msg-messenger-core-api-network-policy.yaml
+|   └──README.md
+├── vault_cred.sh
+
+Назначение:
+msg-messenger-core-api/msg-messenger-core-api-network-policy.yaml - манифест для создания NetworkPolicy
+tavro-cloud-test.yaml - манифест для создания namespace tavro-cloud-test, квот и NetworkPolicy
+.rbac - кастомные правила для RBAC 
+```
+## Steps
+
+1. Настраиваем env для подключения к Vault
+
+```bash
+export VAULT_ADDR=https://vault.avroid.tech
+export VAULT_TOKEN=xxxxxx # заменить на актуальный
+```
+Чтобы каждый раз не назначать эти переменные, можно их записать в ~/.bashrc или ~/.zshrc
+
+
+2. Готовим namespace:
+```bash
+kubectl apply -f tavro-cloud-test.yaml
+```
+
+2. Запускаем скрипт 
+
+```bash
+./vault_cred.sh
+```
+
+3. Применяем команду в выводе скрипта
+
+4. Применяем остальные манифесты:
+```bash
+kubectl apply -f msg-messenger-core-api/
+kubectl apply -f.rbac/
+```
+
+
--- a/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/tavro-cloud-test.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/tavro-cloud-test.yaml
@@ -18,17 +18,14 @@ metadata:
    app.kubernetes.io/managed-by: manual
 spec:
  hard:
-    configmaps: "20"
    limits.cpu: "5"
    limits.memory: 5Gi
-    persistentvolumeclaims: "1"
-    pods: "10"
-    requests.cpu: "5"
-    requests.memory: "5Gi"
-    requests.storage: "2Gi" 
+    limits.storage: "2Gi"
+    requests.cpu: "100m"
+    requests.memory: "256Mi"
+    requests.storage: "100Mi" 
    resourcequotas: "1"
-    secrets: "10"
-    services: "10"
+
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
--- a/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/vault_cred.sh
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/vault_cred.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+rm -rf .secrets
+
+cert_key=$(vault kv get -field="certificate.key" team-devops/ssl/avroid.tech/wildcard.avroid.tech)
+cert_data=$(vault kv get -field="certificate_fullchain.crt" team-devops/ssl/avroid.tech/wildcard.avroid.tech)
+
+mkdir .secrets
+
+cat > .secrets/key.pem << EOF
+${cert_key}
+EOF
+
+cat > .secrets/cert.pem << EOF
+${cert_data}
+EOF
+
+echo "Run this command previously then apply all manisfest and before create namespace:"
+echo "kubectl -n tavro-cloud-test create secret tls avroid-tech-tls --cert=.secrets/cert.pem --key=.secrets/key.pem"