values.yaml
global:
image:
repository: registry.datasapience.ru/russian-registry/continuity/continuity # Change to your repository
tag: 3.2.0 # Change to your version
service:
deploymentStrategy:
type: Recreate
name: continuity
extraLabels:
klmg/app: continuity
annotations:
rollme: "{{ randAlphaNum 5 | quote }}"
replicas: 1
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
service:
port: "8000"
ingress:
enabled: false
uriPrefix: /continuity/api
pathType: ImplementationSpecific
host: "kolmogorov" # Change to your host
baseDomain: "k8s.datasapience.ru" # Change to your domain
command:
- /bin/sh
- -c
args:
- |
gunicorn continuity.services.api.app:app \
--workers=3 \
--worker-class=uvicorn.workers.UvicornWorker \
--bind=0.0.0.0:8000 \
--timeout=600 \
--reuse-port
resources:
limits:
cpu: 1000m
memory: 2048Mi
requests:
cpu: 500m
memory: 1024Mi
secrets:
- name: continuity-backend-secret
data:
- name: TZ
value: "Europe/Moscow"
- name: CONTINUITY_ENV
value: "PROD"
- name: CONTINUITY_LEVEL
value: "INFO"
# FastAPI
- name: CONTINUITY_ROOT_PATH
value: "/continuity/api"
# Roles
- name: DEFAULT_ROLE
value: "continuity"
- name: CONTINUITY_ADMIN_ROLE
value: "continuity_admin"
- name: CONTINUITY_AUDIT_ROLE
value: "continuity_audit"
- name: RUNTIME_ALLOW_ROLE
value: "runtime_allow_role"
- name: RUNTIME_ALLOW_CREATE_ROLE
value: "runtime_allow_create_role"
- name: TEAM_ALLOW_ROLE
value: "team_allow_role"
- name: TEAM_ALLOW_CREATE_ROLE
value: "team_allow_create_role"
- name: TEMPLATE_ALLOW_ROLE
value: "template_allow_role"
- name: TEMPLATE_ALLOW_CREATE_ROLE
value: "template_allow_create_role"
# Database
- name: CONTINUITY_DB_URL
value: "postgresql://postgres:postgres@continuity-postgresql:5432/postgres"
- name: CONTINUITY_DB_POOL_SIZE
value: 30
- name: CONTINUITY_DB_CONNECT_TIMEOUT
value: 10
# Celery
- name: CONTINUITY_CELERY_CONFIG_PATH
value: "/app/celery/config.py"
- name: CONTINUITY_CELERY_NAME
value: "continuity"
# Files
- name: CONTINUITY_FILE_ROOT_PATH
value: /app/files
# Kubernetes
- name: CONTINUITY_K8S_NAMESPACE
value: "continuity"
# Keycloak
- name: KEYCLOAK_VERIFY
value: "False"
- name: KEYCLOAK_URL
value: "https://keycloak/auth"
- name: KEYCLOAK_REALM
value: "dev"
- name: KEYCLOAK_CLIENT_ID
value: "client"
- name: KEYCLOAK_CLIENT_SECRET
value: "client-secret"
- name: KEYCLOAK_ADMIN_USERNAME
value: "keycloak"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "keycloak-secret"
# Sentry
- name: CONTINUITY_SENTRY_ENABLED
value: "False"
- name: CONTINUITY_SENTRY_DSN
value: ""
extra_vars:
- secret: continuity-backend-secret
configMaps:
- name: continuity-celery-config-map
data:
- config.py: |
import os
# Broker and Result Backend Configuration
broker_url = "redis://default:redis@continuity-redis-master:6379"
result_backend = "redis://default:redis@continuity-redis-master:6379"
task_default_queue = "continuity"
# Task Configuration
result_extended = True
result_expires = 8208000
# Task Acknowledgment Settings
task_acks_late = True
task_reject_on_worker_lost = True
task_acks_on_failure_or_timeout = False
worker_prefetch_multiplier = 1
# Connection Settings
broker_connection_retry_on_startup = True
worker_cancel_long_running_tasks_on_connection_loss = True
# Transport Options
broker_transport_options = {"visibility_timeout": 8208000}
result_backend_transport_options = {"visibility_timeout": 8208000}
visibility_timeout = 8208000
# Timezone Configuration
enable_utc = False
timezone = "Europe/Moscow"
init:
containers:
db-init-metadata:
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
pullPolicy: Always
command:
- /bin/sh
- -c
args:
- python -m continuity.services.migrations.metadata.upgrade
resources:
limits:
cpu: 256m
memory: 256Mi
requests:
cpu: 100m
memory: 100Mi
db-init-triggers:
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
pullPolicy: Always
command:
- /bin/sh
- -c
args:
- python -m continuity.services.migrations.triggers.downgrade && python -m continuity.services.migrations.triggers.upgrade
resources:
limits:
cpu: 256m
memory: 256Mi
requests:
cpu: 100m
memory: 100Mi
dependsOn:
- db-init-metadata
persistentVolumes:
- name: continuity-files
mountPath: /app/files
volumeClaim:
storageClass: nfs
size: 1024Mi
accessMode: ReadWriteMany
- name: continuity-celery-config
configMap: continuity-celery-config-map
mountPath: /app/celery
items:
- key: config.json
path: config.json
- name: continuity-logs
mountPath: /app/var/logs
volumeClaim:
storageClass: nfs
size: 2048Mi
accessMode: ReadWriteMany
securityContext:
runAsNonRoot: false
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999
serviceAccount:
name: tst
enabled: true
existing: False
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 120
periodSeconds: 60
timeoutSeconds: 15
service-celery:
deploymentStrategy:
type: Recreate
name: continuity-manager
image:
repository: "{{ .Values.global.image.repository }}"
tag: "{{ .Values.global.image.tag }}"
annotations:
rollme: "{{ randAlphaNum 5 | quote }}"
ingress:
enabled: False
command:
- /bin/sh
- -c
args:
- |
celery --app=continuity.services.celery:app worker \
--events \
--loglevel=INFO \
--hostname=$(CONTINUITY_CELERY_NAME) \
--concurrency=4 \
--max-tasks-per-child=10 \
--queues=continuity \
--time-limit=60
resources:
limits:
cpu: 1000m
memory: 1024Mi
requests:
cpu: 500m
memory: 1024Mi
extra_vars:
- secret: continuity-backend-secret
livenessProbe:
exec:
command:
- /bin/sh
- -c
- |
TASK="$(celery -A continuity.services.celery:app call utils::health --queue=continuity)"
RESULT="$(celery -A continuity.services.celery:app result $TASK | grep True)"
if [[ "${RESULT}" == "True" ]]; then
echo "Success"
exit 0
else
echo "Error"
exit 1
fi
initialDelaySeconds: 120
periodSeconds: 180
timeoutSeconds: 120
persistentVolumes:
- name: continuity-celery-config
configMap: continuity-celery-config-map
mountPath: /app/celery
items:
- key: config.json
path: config.json
securityContext:
runAsNonRoot: false
runAsUser: 9999
runAsGroup: 9999
podSecurityContext:
fsGroup: 9999
postgresql:
fullnameOverride: continuity-postgresql
auth:
postgresPassword: postgres
username: postgres
password: postgres
database: postgres
primary:
service:
type: NodePort
persistence:
size: 5Gi
resources:
limits:
cpu: 1000m
memory: 1024Mi
requests:
cpu: 100m
memory: 100Mi
initdb:
scripts:
init_schema.sh: |
#!/bin/sh
PGPASSWORD=postgres psql -U postgres -d postgres -c 'CREATE SCHEMA IF NOT EXISTS klmg_continuity'
redis:
fullnameOverride: continuity-redis
auth:
enabled: true
password: redis
master:
persistence:
enabled: false
extraEnvVars:
- name: TZ
value: "Europe/Moscow"
resources:
limits:
cpu: 150m
memory: 150Mi
requests:
cpu: 30m
memory: 100Mi
architecture: standalone