Kubernetes/k8s-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DO-1628_Add_test_namespace_messenger (!22)

Browse Source 
Add test namespace/netpolicy/rbac

Co-authored-by: Denis Patrakeev <denis.patrakeev@avroid.team>
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/22
Reviewed-by: Rustam Tagaev <rustam.tagaev@avroid.team>
This commit is contained in:
Dmitrij Prokov
2025-02-21 12:27:06 +03:00
parent 99c5cce4d2
commit 8e718ef1e2
8 changed files with 172 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/ingress-certs-secret.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: avroid-tech-tls
namespace: tavro-cloud-test
data:
# base64 encoded cert see values in vault. Don't push it to git!
tls.crt: ""
tls.key: ""
type: kubernetes.io/tls

15
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/jenkins-deploy-tavro-cloud-test-role-binding.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/managed-by: manual
name: jenkins-deploy-tavro-cloud-test
namespace: tavro-cloud-test
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tavro-cloud-test-full
subjects:
- kind: ServiceAccount
name: jenkins-deploy
namespace: jenkins-builds

10
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/jenkins-harbor-secret.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/managed-by: manual
name: harbor-registry-secret
namespace: tavro-cloud-test
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3IuYXZyb2lkLnRlY2giOnsidXNlcm5hbWUiOiJyb2JvdCRjaSIsInBhc3N3b3JkIjoiSFJqOWlIQXh2VUl1eVRab2d1S1BkR21US082UjlkUnoiLCJhdXRoIjoiY205aWIzUWtZMms2U0ZKcU9XbElRWGgyVlVsMWVWUmFiMmQxUzFCa1IyMVVTMDgyVWpsa1Vubz0ifX19

15
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/tavro-cloud-test-role.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tavro-cloud-test-full
namespace: tavro-cloud-test
labels:
app.kubernetes.io/managed-by: manual
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'

12
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/.rbac/vault-service-account.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/instance: vault-sa
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: vault-operator
app.kubernetes.io/part-of: vault-operator
app.kubernetes.io/managed-by: kustomize
name: vault
namespace: tavro-cloud-test

8
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/msg-messenger-core-api/README.md Normal file
View File

@@ -0,0 +1,8 @@
# Install
Для установки нужно забрать values и использовать их. Тут указан только пример, так как все это делается через jenkins
```bash
curl -o values.yaml https://git.avroid.tech/Apps-Backend/msg-messenger-core-api/src/branch/test/.helm/values.test.yaml
helm upgrade --install -f values.test.yaml msg-messenger-core-api avroid/msg-messenger-core-api
```

46
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/msg-messenger-core-api/msg-messenger-core-api-network-policy.yaml Normal file
View File

@@ -0,0 +1,46 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: msg-messenger-core-api-in
namespace: tavro-cloud-test
labels:
app.kubernetes.io/managed-by: manual
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: msg-messenger-core-api
policyTypes:
- Ingress
ingress:
- ports:
- port: 8000
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: msg-messenger-core-api-out
namespace: tavro-cloud-test
labels:
app.kubernetes.io/managed-by: manual
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: msg-messenger-core-api
policyTypes:
- Egress
egress:
- to:
- ipBlock:
# pg-db-test.avroid.tech
cidr: 10.2.40.5/32
ports:
- port: 5432
protocol: TCP
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: valkey
ports:
- port: 6379
protocol: TCP

56
clusters/k8s-avroid-office.prod.local/namespaces/tavro-cloud-test/tavro-cloud-test.yaml Normal file
View File

@@ -0,0 +1,56 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: tavro-cloud-test
labels:
name: tavro-cloud-test
app.kubernetes.io/managed-by: manual
annotations:
scheduler.alpha.kubernetes.io/node-selector: "nodetype=worker"
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: tavro-cloud-test
namespace: tavro-cloud-test
labels:
app.kubernetes.io/managed-by: manual
spec:
hard:
configmaps: "20"
limits.cpu: "5"
limits.memory: 5Gi
persistentvolumeclaims: "1"
pods: "10"
requests.cpu: "5"
requests.memory: "5Gi"
requests.storage: "2Gi"
resourcequotas: "1"
secrets: "10"
services: "10"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: tavro-cloud-test-common
namespace: tavro-cloud-test
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
ingress: []
egress:
- to:
- ipBlock:
# vault.avroid.tech
cidr: 10.2.16.2/32
ports:
- port: 443
protocol: TCP
- ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP