values.yaml
global:
image:
repository: harbor.k8s.datasapience.ru/datasapience-registry/kolmogorov/continuity/continuity-external-manager # Change to your repository
tag: 3.2.0 # Change to your version
service:
enabled: true
name: continuity-external-manager
annotations:
rollme: "{{ randAlphaNum 5 | quote }}"
replicas: 1
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
service:
port: "8000"
ingress:
enabled: false
uriPrefix: /extension/external-manager/api(/|$)(.*)
pathType: ImplementationSpecific
host: "kolmogorov" # Change to your host
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
command:
- "gunicorn"
args:
- "continuity_external_manager.services.api.app:app"
- "--workers=2"
- "--worker-class=uvicorn.workers.UvicornWorker"
- "--bind=0.0.0.0:8000"
- "--timeout=600"
- "--reuse-port"
- "--max-requests=150"
- "--max-requests-jitter=20"
resources:
limits:
cpu: 256m
memory: 1024Mi
requests:
cpu: 256m
memory: 256Mi
secrets:
- name: continuity-external-manager-secret
data:
- name: CONTINUITY_HOST
value: "https://kolmogorov/continuity/api"
- name: CONTINUITY_USERNAME
value: "klmg"
- name: CONTINUITY_PASSWORD
value: "klmg"
- name: continuity-external-manager-server-secret
data:
- name: TZ
value: "Europe/Moscow"
- name: CONTINUITY_EXTERNAL_MANAGER_ENV
value: "PROD"
- name: CONTINUITY_EXTERNAL_MANAGER_LEVEL
value: "INFO"
# FastAPI
- name: CONTINUITY_EXTERNAL_MANAGER_ROOT_PATH
value: "/extension/external-manager/api"
# Continuity
- name: CONTINUITY_EXTERNAL_MANAGER_CONTINUITY_CELERY_CONFIG_PATH
value: '/app/celery/continuity/config.json'
- name: CONTINUITY_EXTERNAL_MANAGER_CONTINUITY_HOST
value: "https://kolmogorov/continuity/api"
- name: CONTINUITY_EXTERNAL_MANAGER_CONTINUITY_USERNAME
value: "klmg"
- name: CONTINUITY_EXTERNAL_MANAGER_CONTINUITY_PASSWORD
value: "klmg"
- name: CONTINUITY_EXTERNAL_MANAGER_CONTINUITY_GRANT_TYPE
value: "user"
# Roles
- name: CONTINUITY_EXTERNAL_MANAGER_ADMIN_ROLE
value: "continuity_admin"
- name: CONTINUITY_EXTERNAL_MANAGER_MANAGER_ROLE
value: "continuity_external_manager_admin"
- name: CONTINUITY_EXTERNAL_MANAGER_AUDIT_ROLE
value: "continuity_audit"
- name: CONTINUITY_EXTERNAL_MANAGER_LOG_READER_ROLE
value: "continuity_log_reader"
# Script
- name: CONTINUITY_EXTERNAL_MANAGER_SCRIPT_PWD
value: '/app/scripts'
- name: CONTINUITY_EXTERNAL_MANAGER_SCRIPT_CELERY_NAME
value: 'continuity-external-manager-script'
- name: CONTINUITY_EXTERNAL_MANAGER_SCRIPT_CELERY_CONFIG_PATH
value: '/app/celery/script/config.json'
# Kubernetes
- name: CONTINUITY_EXTERNAL_MANAGER_KUBERENTES_NAMESPACE
value: "continuity"
- name: CONTINUITY_EXTERNAL_MANAGER_KUBERENTES_CRONJOB_LABEL_SELECTOR
value: "continuity=external-task"
# Keycloak
- name: KEYCLOAK_VERIFY
value: "False"
- name: KEYCLOAK_URL
value: "https://keycloak/auth"
- name: KEYCLOAK_REALM
value: "dev"
- name: KEYCLOAK_CLIENT_ID
value: "client"
- name: KEYCLOAK_CLIENT_SECRET
value: "client-secret"
- name: KEYCLOAK_ADMIN_USERNAME
value: "keycloak"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "keycloak-secret"
extra_vars:
- secret: continuity-external-manager-server-secret
configMaps:
- name: continuity-external-manager-celery-config-map-continuity
data:
- config.json: |
{
"broker_url": "redis://default:redis@continuity-redis-master:6379",
"broker_connection_retry_on_startup": true,
"result_backend": "redis://default:redis@continuity-redis-master:6379",
"result_extended": true,
"task_default_queue": "continuity",
"task_ack_late": true,
"task_reject_on_worker_lost": true,
"enable_utc": false,
"timezone": "Europe/Moscow"
}
- name: continuity-external-manager-celery-config-map-script
data:
- config.json: |
{
"broker_url": "redis://default:redis@continuity-redis-master:6379",
"broker_connection_retry_on_startup": true,
"result_backend": "redis://default:redis@continuity-redis-master:6379",
"result_extended": true,
"task_default_queue": "continuity-external-manager-script",
"task_ack_late": true,
"task_reject_on_worker_lost": true,
"enable_utc": false,
"timezone": "Europe/Moscow"
}
persistentVolumes:
- name: continuity-external-manager-scripts
mountPath: /app/scripts
volumeClaim:
storageClass: nfs
size: 100Mi
accessMode: ReadWriteMany
annotations:
helm.sh/resource-policy: keep # helm delete not delete pvc
- name: continuity-external-manager-celery-config-map-continuity
configMap: continuity-external-manager-celery-config-map-continuity
mountPath: /app/celery/continuity
items:
- key: config.json
path: config.json
- name: continuity-external-manager-celery-config-map-script
configMap: continuity-external-manager-celery-config-map-script
mountPath: /app/celery/script
items:
- key: config.json
path: config.json
securityContext:
runAsNonRoot: false
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999
serviceAccount:
name: continuity-external-manager-sa
enabled: true
existing: False
rules:
- apiGroups: ["batch"]
resources: ["cronjobs"]
verbs: ["get", "create", "patch", "delete", "list", "watch"]
service-script:
enabled: true
name: continuity-external-manager-script
extraLabels:
klmg/app: continuity
annotations:
rollme: "{{ randAlphaNum 5 | quote }}"
replicas: 1
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
service:
port: "8000"
ingress:
enabled: false
command:
- "celery"
args:
- "--app=continuity_external_manager.services.celery.script.celery:app"
- "worker"
- "--events"
- "--loglevel=INFO"
- "--hostname=continuity-external-manager-script"
- "--concurrency=4"
- "--max-tasks-per-child=10"
- "--queues=continuity-external-manager-script"
resources:
limits:
cpu: 512m
memory: 1024Mi
requests:
cpu: 256m
memory: 256Mi
extra_vars:
- secret: continuity-external-manager-server-secret
persistentVolumes:
- name: continuity-external-manager-scripts
mountPath: /app/scripts
existingVolumeClaim: true
- name: continuity-external-manager-celery-config-map-continuity
configMap: continuity-external-manager-celery-config-map-continuity
mountPath: /app/celery/continuity
items:
- key: config.json
path: config.json
- name: continuity-external-manager-celery-config-map-script
configMap: continuity-external-manager-celery-config-map-script
mountPath: /app/celery/script
items:
- key: config.json
path: config.json
securityContext:
runAsNonRoot: false
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999
service-continuity-monitor:
enabled: true
name: continuity-external-manager-continuity-monitor
extraLabels:
klmg/app: continuity
annotations:
rollme: "{{ randAlphaNum 5 | quote }}"
replicas: 1
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
service:
port: "8000"
ingress:
enabled: false
command:
- "python"
args:
- "-m"
- "continuity_external_manager.services.celery.continuity"
resources:
limits:
cpu: 256m
memory: 1024Mi
requests:
cpu: 256m
memory: 256Mi
extra_vars:
- secret: continuity-external-manager-server-secret
persistentVolumes:
- name: continuity-external-manager-scripts
mountPath: /app/scripts
existingVolumeClaim: true
- name: continuity-external-manager-celery-config-map-continuity
configMap: continuity-external-manager-celery-config-map-continuity
mountPath: /app/celery/continuity
items:
- key: config.json
path: config.json
- name: continuity-external-manager-celery-config-map-script
configMap: continuity-external-manager-celery-config-map-script
mountPath: /app/celery/script
items:
- key: config.json
path: config.json
securityContext:
runAsNonRoot: false
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999