admin/ircs-prod-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bootstrap ircs-prod gitops config

Browse Source
This commit is contained in:
Prodiglagla
2026-06-14 11:46:13 +08:00
commit f83d1157b1
41 changed files with 3879 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ircs-prod/core/00-namespace.yaml
+7
View File
@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: ircs-prod
labels:
app.kubernetes.io/part-of: ircs
environment: prod
ircs-prod/core/01-app-config.yaml
+25
View File
@@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ircs-prod-app-config
namespace: ircs-prod
labels:
app.kubernetes.io/part-of: ircs
environment: prod
data:
APP_MAIL_ENABLED: "true"
DB_URL: jdbc:postgresql://postgres-svc.ircs-prod.svc.cluster.local:5432/ircs?connectionTimeZone=UTC
ELASTICSEARCH_URIS: http://elasticsearch-svc.ircs-prod.svc.cluster.local:9200
MAIL_FROM: HuaWai System <huawai.system@gmail.com>
MAIL_HOST: smtp.gmail.com
MAIL_PORT: "465"
MANAGEMENT_ENDPOINT_HEALTH_SHOW_COMPONENTS: always
MANAGEMENT_HEALTH_MAIL_ENABLED: "false"
OTEL_ENDPOINT: http://otel-collector.monitoring.svc.cluster.local:4318/v1/traces
R2_BUCKET_NAME: ircs
R2_PUBLIC_DOMAIN: img.mnnu.eu.org
RABBITMQ_HOST: rabbitmq-svc.ircs-prod.svc.cluster.local
SPRING_DATA_REDIS_HOST: valkey-svc.ircs-prod.svc.cluster.local
SPRING_DATA_REDIS_PORT: "6379"
VALKEY_HOST: valkey-svc.ircs-prod.svc.cluster.local
VALKEY_PORT: "6379"
ircs-prod/core/02-resource-quota.yaml
+15
View File
@@ -0,0 +1,15 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: ircs-prod-quota
namespace: ircs-prod
spec:
hard:
pods: "34"
services: "30"
configmaps: "40"
secrets: "40"
requests.cpu: "6"
requests.memory: 12Gi
limits.cpu: "12"
limits.memory: 24Gi
ircs-prod/core/kustomization.yaml
+33
View File
@@ -0,0 +1,33 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- 00-namespace.yaml
- 01-app-config.yaml
- 02-resource-quota.yaml
- manifests/aggregation-worker.yaml
- manifests/catalog-service.yaml
- manifests/config-service.yaml
- manifests/content-service.yaml
- manifests/credential-service.yaml
- manifests/elasticsearch.yaml
- manifests/frontend-bff.yaml
- manifests/frontend-portal-admin.yaml
- manifests/identity-service.yaml
- manifests/ingestion-worker.yaml
- manifests/interaction-service.yaml
- manifests/magnet-service.yaml
- manifests/metadata-worker.yaml
- manifests/migrator-job.yaml
- manifests/normalization-worker.yaml
- manifests/notification-worker.yaml
- manifests/observability-monitoring.yaml
- manifests/ops-service.yaml
- manifests/portal-service.yaml
- manifests/postgres.yaml
- manifests/rabbitmq.yaml
- manifests/scraper-service.yaml
- manifests/search-service.yaml
- manifests/storage-service.yaml
- manifests/task-service.yaml
- manifests/valkey.yaml
ircs-prod/core/manifests/aggregation-worker.yaml
+102
View File
@@ -0,0 +1,102 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-aggregation-worker
namespace: ircs-prod
labels:
app: ircs-aggregation-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-aggregation-worker
template:
metadata:
labels:
app: ircs-aggregation-worker
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-aggregation-worker@sha256:154db2f8da961cb300308f7d06337edc0ab11a3784a3fa432d23bf9cb2460e87
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-aggregation-worker
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_AGGREGATION_SCHEDULER_ENABLED
value: "false"
- name: APP_AGGREGATION_BATCH_SIZE
value: "1"
- name: APP_AGGREGATION_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_AGGREGATION_SCHEDULER_FIXED_DELAY_MS
value: "5000"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ircs-prod/core/manifests/catalog-service.yaml
+102
View File
@@ -0,0 +1,102 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-catalog-service
namespace: ircs-prod
labels:
app: ircs-catalog-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-catalog-service
template:
metadata:
labels:
app: ircs-catalog-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-catalog-service@sha256:c9c4aed0785e8d9716268b1b9f8f34d7bcd66ec5e3f1389c206185f72fa765e3
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-catalog-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_CATALOG_CACHE_ENABLED
value: "true"
- name: APP_CATALOG_CACHE_STANDARD_DICTIONARY_TTL
value: PT10M
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-catalog-service
namespace: ircs-prod
labels:
app: ircs-catalog-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-catalog-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/config-service.yaml
+110
View File
@@ -0,0 +1,110 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-config-service
namespace: ircs-prod
labels:
app: ircs-config-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-config-service
template:
metadata:
labels:
app: ircs-config-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-config-service@sha256:b19eeefe3dbac9483dbb01589afb79e89e43b702619186e6bb7ba988f1e7069e
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-config-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-config-service
namespace: ircs-prod
labels:
app: ircs-config-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-config-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/content-service.yaml
+128
View File
@@ -0,0 +1,128 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-content-service
namespace: ircs-prod
labels:
app: ircs-content-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-content-service
template:
metadata:
labels:
app: ircs-content-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-content-service@sha256:414245458ad96793c17e88a74c1aa702c8aa593331d64d217d53fa6234bcb617
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-content-service
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_CONTENT_LISTENER_ENABLED
value: "true"
- name: APP_CONTENT_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_CONTENT_MAINTENANCE_GATE_LISTENER_ENABLED
value: "true"
- name: APP_CONTENT_RESOLVER_PRESET_SEED_ENABLED
value: "true"
- name: APP_CONTENT_SCRAPER_BASE_URL
value: http://ircs-scraper-service.ircs-prod.svc.cluster.local:8080
- name: IRCS_OUTBOUND_CIRCUIT_CONTENT_REFETCH_SCRAPER_ENABLED
value: "true"
- name: IRCS_OUTBOUND_CIRCUIT_CONTENT_REFETCH_SCRAPER_FAILURE_THRESHOLD
value: "5"
- name: IRCS_OUTBOUND_CIRCUIT_CONTENT_REFETCH_SCRAPER_OPEN_DURATION_MS
value: "30000"
- name: IRCS_OUTBOUND_CIRCUIT_CONTENT_REFETCH_SCRAPER_HALF_OPEN_MAX_CALLS
value: "1"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-content-service
namespace: ircs-prod
labels:
app: ircs-content-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-content-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/credential-service.yaml
+113
View File
@@ -0,0 +1,113 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-credential-service
namespace: ircs-prod
labels:
app: ircs-credential-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-credential-service
template:
metadata:
labels:
app: ircs-credential-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-credential-service@sha256:327c7307de0547d7d320010cffcee2f098cddb4ade6a94d8020c864809078eda
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-credential-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_CREDENTIAL_SERVICE_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: SERVICE_CREDENTIAL_TOKEN
- name: APP_CREDENTIAL_INITIALIZER_ENABLED
value: "true"
- name: APP_CREDENTIAL_INITIALIZER_FILE_PATH
value: /etc/ircs/init/credentials.json
- name: APP_CREDENTIAL_INITIALIZER_CLASSPATH_FALLBACK_ENABLED
value: "true"
- name: APP_CREDENTIAL_CACHE_ENABLED
value: "true"
- name: APP_CREDENTIAL_CACHE_SUMMARY_TTL
value: PT60S
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-credential-service
namespace: ircs-prod
labels:
app: ircs-credential-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-credential-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/elasticsearch.yaml
+143
View File
@@ -0,0 +1,143 @@
apiVersion: v1
kind: Service
metadata:
name: elasticsearch-svc
namespace: ircs-prod
labels:
app: elasticsearch
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: elasticsearch
ports:
- name: http
port: 9200
targetPort: http
- name: transport
port: 9300
targetPort: transport
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch
namespace: ircs-prod
labels:
app: elasticsearch
app.kubernetes.io/part-of: ircs
environment: prod
spec:
serviceName: elasticsearch-svc
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
app.kubernetes.io/part-of: ircs
environment: prod
spec:
initContainers:
- name: install-plugins
image: alpine:3.19
command:
- sh
- -c
- |
set -e
apk add --no-cache unzip wget
mkdir -p /plugins/ik /plugins/pinyin
if [ ! -f /plugins/ik/plugin-descriptor.properties ]; then
rm -rf /plugins/ik/*
wget -O /tmp/ik.zip https://release.infinilabs.com/analysis-ik/stable/elasticsearch-analysis-ik-9.1.4.zip
unzip -q /tmp/ik.zip -d /plugins/ik
rm /tmp/ik.zip
fi
if [ ! -f /plugins/pinyin/plugin-descriptor.properties ]; then
rm -rf /plugins/pinyin/*
wget -O /tmp/pinyin.zip https://release.infinilabs.com/analysis-pinyin/stable/elasticsearch-analysis-pinyin-9.1.4.zip
unzip -q /tmp/pinyin.zip -d /plugins/pinyin
rm /tmp/pinyin.zip
fi
chown -R 1000:1000 /plugins
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 250m
memory: 256Mi
volumeMounts:
- name: plugins-volume
mountPath: /plugins
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:9.1.4
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9200
- name: transport
containerPort: 9300
env:
- name: discovery.type
value: single-node
- name: xpack.security.enabled
value: "true"
- name: xpack.security.http.ssl.enabled
value: "false"
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: ELASTICSEARCH_PASSWORD
- name: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
startupProbe:
tcpSocket:
port: http
failureThreshold: 60
periodSeconds: 10
readinessProbe:
tcpSocket:
port: http
periodSeconds: 10
livenessProbe:
tcpSocket:
port: http
periodSeconds: 30
resources:
requests:
cpu: 100m
memory: 1Gi
limits:
cpu: 1000m
memory: 2Gi
volumeMounts:
- name: elasticsearch-data
mountPath: /usr/share/elasticsearch/data
- name: plugins-volume
mountPath: /usr/share/elasticsearch/plugins
volumes:
- name: plugins-volume
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
labels:
app: elasticsearch
app.kubernetes.io/part-of: ircs
environment: prod
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
ircs-prod/core/manifests/frontend-bff.yaml
+233
View File
@@ -0,0 +1,233 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-portal-bff
namespace: ircs-prod
labels:
app: ircs-portal-bff
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-portal-bff
template:
metadata:
labels:
app: ircs-portal-bff
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-portal-bff@sha256:713932a12c577f2dcb910d85f96a5f1c7489542d6cda8a2089efceb3195918d1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-portal-bff
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: APP_IDENTITY_JWT_SECRET
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: APP_IDENTITY_JWT_SECRET
optional: true
- name: APP_BFF_AUDIT_ENABLED
value: "true"
- name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_ENABLED
value: "true"
- name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_FAILURE_THRESHOLD
value: "5"
- name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_OPEN_DURATION_MS
value: "30000"
- name: IRCS_OUTBOUND_CIRCUIT_PORTAL_BFF_PROXY_HALF_OPEN_MAX_CALLS
value: "1"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
cpu: 250m
memory: 384Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-portal-bff
namespace: ircs-prod
labels:
app: ircs-portal-bff
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-portal-bff
ports:
- name: http
port: 8080
targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-admin-bff
namespace: ircs-prod
labels:
app: ircs-admin-bff
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-admin-bff
template:
metadata:
labels:
app: ircs-admin-bff
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-admin-bff@sha256:e0314abeba097d5f2a25809bf4c7691cdb720b524841e94c522a3f7270baf899
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-admin-bff
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: APP_IDENTITY_JWT_SECRET
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: APP_IDENTITY_JWT_SECRET
optional: true
- name: APP_BFF_AUDIT_ENABLED
value: "true"
- name: APP_BFF_SERVICE_ID
value: admin-bff
- name: APP_BFF_OPS_SERVICE_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: INTERNAL_CREDENTIAL_TOKEN
- name: APP_BFF_OPS_SERVICE_SCOPES
value: ops:read ops:run
- name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_ENABLED
value: "true"
- name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_FAILURE_THRESHOLD
value: "5"
- name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_OPEN_DURATION_MS
value: "30000"
- name: IRCS_OUTBOUND_CIRCUIT_ADMIN_BFF_PROXY_HALF_OPEN_MAX_CALLS
value: "1"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
cpu: 250m
memory: 384Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-admin-bff
namespace: ircs-prod
labels:
app: ircs-admin-bff
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-admin-bff
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/frontend-portal-admin.yaml
+468
View File
@@ -0,0 +1,468 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ircs-frontend-gateway-nginx
namespace: ircs-prod
labels:
app.kubernetes.io/part-of: ircs
environment: prod
data:
default.conf: |
upstream portal_frontend {
server ircs-portal-frontend.ircs-prod.svc.cluster.local:3000;
}
upstream admin_frontend {
server ircs-admin-frontend.ircs-prod.svc.cluster.local:80;
}
upstream portal_bff {
server ircs-portal-bff.ircs-prod.svc.cluster.local:8080;
}
upstream admin_bff {
server ircs-admin-bff.ircs-prod.svc.cluster.local:8080;
}
server {
listen 80;
server_name _;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
location = /gateway-health {
access_log off;
return 204;
}
location ^~ /api/backend {
proxy_pass http://portal_bff;
}
location ^~ /api/backend/api/portal/auth {
proxy_pass http://portal_bff;
}
location ^~ /api/backend/api/portal/profile {
proxy_pass http://portal_bff;
}
location ^~ /api/backend/api/portal/interaction {
proxy_pass http://portal_bff;
}
location ^~ /api/backend/api/portal/feedback {
proxy_pass http://portal_bff;
}
location ^~ /api/backend/api/portal/search {
proxy_pass http://portal_bff;
}
location ^~ /api/backend/api/portal {
proxy_pass http://portal_bff;
}
location ^~ /api/portal/auth {
proxy_pass http://portal_bff;
}
location ^~ /api/portal/profile {
proxy_pass http://portal_bff;
}
location ^~ /api/portal/interaction {
proxy_pass http://portal_bff;
}
location ^~ /api/portal/feedback {
proxy_pass http://portal_bff;
}
location ^~ /api/portal/search {
proxy_pass http://portal_bff;
}
location ^~ /api/portal {
proxy_pass http://portal_bff;
}
location ^~ /media {
proxy_pass http://portal_bff;
}
location / {
proxy_pass http://portal_frontend;
}
}
server {
listen 8080;
server_name _;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
location = /gateway-health {
access_log off;
return 204;
}
location ^~ /api/v1 {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/auth {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/members {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/dashboard {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/ops {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/raw-videos {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/unified-videos {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/playlists {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/cover-images {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/collection-tasks {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/catalog {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/standard- {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/raw- {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/data-sources {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/configs {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/common {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/credentials {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/magnet-providers {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/magnets {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/scraper/manual {
proxy_pass http://admin_bff;
}
location ^~ /api/v1/messages {
proxy_pass http://admin_bff;
}
location ^~ /media {
proxy_pass http://admin_bff;
}
location / {
proxy_pass http://admin_frontend;
}
}
---
apiVersion: v1
kind: Service
metadata:
name: ircs-portal-frontend
namespace: ircs-prod
labels:
app: ircs-portal-frontend
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-portal-frontend
ports:
- name: http
protocol: TCP
port: 3000
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: ircs-admin-frontend
namespace: ircs-prod
labels:
app: ircs-admin-frontend
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-admin-frontend
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: ircs-frontend-gateway
namespace: ircs-prod
labels:
app: ircs-frontend-gateway
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-frontend-gateway
ports:
- name: portal
protocol: TCP
port: 80
targetPort: portal
- name: admin
protocol: TCP
port: 8080
targetPort: admin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-portal-frontend
namespace: ircs-prod
labels:
app: ircs-portal-frontend
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-portal-frontend
template:
metadata:
labels:
app: ircs-portal-frontend
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
ircs.prodigalgal.com/config-version: "bff-20260606-1"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: huawai
image: harbor.mnnu.eu.org/ircs/huawai@sha256:a411c3498cd2871093953b570616a6e89b3f0d1621308e175692dffd109b2751
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 3000
env:
- name: BACKEND_URL
value: http://ircs-frontend-gateway.ircs-prod.svc.cluster.local:80
resources:
requests:
cpu: 25m
memory: 192Mi
limits:
cpu: 250m
memory: 512Mi
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 30
periodSeconds: 20
timeoutSeconds: 3
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-admin-frontend
namespace: ircs-prod
labels:
app: ircs-admin-frontend
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-admin-frontend
template:
metadata:
labels:
app: ircs-admin-frontend
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: ircs-admin-frontend
image: harbor.mnnu.eu.org/ircs/ircs-frontend@sha256:132b7d3bb073734ab8072769521e94885b25f8e9e319253e7c1c433d87c91302
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 100m
memory: 128Mi
readinessProbe:
httpGet:
path: /login
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 3
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 20
periodSeconds: 20
timeoutSeconds: 3
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-frontend-gateway
namespace: ircs-prod
labels:
app: ircs-frontend-gateway
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-frontend-gateway
template:
metadata:
labels:
app: ircs-frontend-gateway
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
ircs.prodigalgal.com/config-version: "bff-20260606-1"
spec:
containers:
- name: nginx
image: nginx:1.25-alpine
imagePullPolicy: IfNotPresent
ports:
- name: portal
containerPort: 80
- name: admin
containerPort: 8080
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 100m
memory: 128Mi
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/conf.d
readOnly: true
readinessProbe:
httpGet:
path: /gateway-health
port: portal
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 3
livenessProbe:
httpGet:
path: /gateway-health
port: portal
initialDelaySeconds: 15
periodSeconds: 20
timeoutSeconds: 3
volumes:
- name: nginx-config
configMap:
name: ircs-frontend-gateway-nginx
ircs-prod/core/manifests/identity-service.yaml
+149
View File
@@ -0,0 +1,149 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-identity-service
namespace: ircs-prod
labels:
app: ircs-identity-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-identity-service
template:
metadata:
labels:
app: ircs-identity-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-identity-service@sha256:adda80c8a9c0986a465da376eb527096e3c8ed0cb60fc914cf0df3968533ccb0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-identity-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: APP_IDENTITY_JWT_SECRET
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: APP_IDENTITY_JWT_SECRET
optional: true
- name: SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: ADMIN_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: APP_MAIL_ENABLED
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: APP_MAIL_ENABLED
- name: APP_IDENTITY_EMAIL_VERIFY_ENABLED
value: "false"
- name: APP_IDENTITY_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_IDENTITY_STORAGE_SERVICE_ID
value: identity-service
- name: APP_IDENTITY_STORAGE_SERVICE_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: INTERNAL_CREDENTIAL_TOKEN
- name: APP_IDENTITY_STORAGE_SERVICE_SCOPES
value: storage:avatar
- name: IRCS_OUTBOUND_CIRCUIT_IDENTITY_AVATAR_STORAGE_ENABLED
value: "true"
- name: IRCS_OUTBOUND_CIRCUIT_IDENTITY_AVATAR_STORAGE_FAILURE_THRESHOLD
value: "5"
- name: IRCS_OUTBOUND_CIRCUIT_IDENTITY_AVATAR_STORAGE_OPEN_DURATION_MS
value: "30000"
- name: IRCS_OUTBOUND_CIRCUIT_IDENTITY_AVATAR_STORAGE_HALF_OPEN_MAX_CALLS
value: "1"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-identity-service
namespace: ircs-prod
labels:
app: ircs-identity-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-identity-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/ingestion-worker.yaml
+96
View File
@@ -0,0 +1,96 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-ingestion-worker
namespace: ircs-prod
labels:
app: ircs-ingestion-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-ingestion-worker
template:
metadata:
labels:
app: ircs-ingestion-worker
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-ingestion-worker@sha256:7429f763a0c07e767018ea473836ff16546f4d91085f0e5c6c28af31f25093fc
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-ingestion-worker
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_INGESTION_LISTENER_ENABLED
value: "true"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ircs-prod/core/manifests/interaction-service.yaml
+121
View File
@@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-interaction-service
namespace: ircs-prod
labels:
app: ircs-interaction-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-interaction-service
template:
metadata:
labels:
app: ircs-interaction-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-interaction-service@sha256:540f6edb8357fb30208a5fa9de957e25506dca9c49a66ff16833438d6eab3ac7
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-interaction-service
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_STORAGE_R2_PUBLIC_DOMAIN
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: R2_PUBLIC_DOMAIN
- name: APP_INTERACTION_LISTENER_ENABLED
value: "true"
- name: APP_INTERACTION_CONFIG_LISTENER_ENABLED
value: "true"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-interaction-service
namespace: ircs-prod
labels:
app: ircs-interaction-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-interaction-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/magnet-service.yaml
+106
View File
@@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-magnet-service
namespace: ircs-prod
labels:
app: ircs-magnet-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-magnet-service
template:
metadata:
labels:
app: ircs-magnet-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-magnet-service@sha256:190b98486dd4fd662d9433e1032a41c768d6b4cc4c11aeae91f1f7142ebf09b5
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-magnet-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_MAGNET_CACHE_ENABLED
value: "true"
- name: APP_MAGNET_CACHE_PROVIDER_TTL
value: PT5M
- name: APP_MAGNET_CACHE_APPROVED_LINKS_TTL
value: PT60S
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-magnet-service
namespace: ircs-prod
labels:
app: ircs-magnet-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-magnet-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/metadata-worker.yaml
+116
View File
@@ -0,0 +1,116 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-metadata-worker
namespace: ircs-prod
labels:
app: ircs-metadata-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-metadata-worker
template:
metadata:
labels:
app: ircs-metadata-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-metadata-worker@sha256:556d9e0e90c3686974d42f9844d46c46684ce9e8c44cea8c3af653cbebdde5db
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-metadata-worker
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_METADATA_LISTENER_ENABLED
value: "true"
- name: APP_METADATA_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_METADATA_DISPATCHER_ENABLED
value: "true"
- name: APP_METADATA_DOUBAN_ENABLED
value: "false"
- name: APP_METADATA_TMDB_ENABLED
value: "false"
- name: APP_METADATA_TMDB_WORKER_ENABLED
value: "true"
- name: APP_METADATA_CREDENTIAL_SERVICE_BASE_URL
value: http://ircs-credential-service.ircs-prod.svc.cluster.local:8080
- name: APP_METADATA_CREDENTIAL_SERVICE_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: SERVICE_CREDENTIAL_TOKEN
- name: APP_METADATA_RT_ENABLED
value: "false"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 60
periodSeconds: 5
timeoutSeconds: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
timeoutSeconds: 3
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
timeoutSeconds: 3
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ircs-prod/core/manifests/migrator-job.yaml
+53
View File
@@ -0,0 +1,53 @@
apiVersion: batch/v1
kind: Job
metadata:
name: ircs-migrator
namespace: ircs-prod
labels:
app: ircs-migrator
app.kubernetes.io/part-of: ircs
environment: prod
spec:
backoffLimit: 0
ttlSecondsAfterFinished: 300
template:
metadata:
labels:
app: ircs-migrator
app.kubernetes.io/part-of: ircs
environment: prod
spec:
restartPolicy: Never
imagePullSecrets:
- name: harbor-secret
containers:
- name: migrator
image: harbor.mnnu.eu.org/ircs/ircs-migrator@sha256:64223fa99f7c2793b0145cc539bafa4b0c70fa3cc0af0e9059a2fed3bf7a2437
imagePullPolicy: IfNotPresent
env:
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ircs-prod/core/manifests/normalization-worker.yaml
+127
View File
@@ -0,0 +1,127 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-normalization-worker
namespace: ircs-prod
labels:
app: ircs-normalization-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-normalization-worker
template:
metadata:
labels:
app: ircs-normalization-worker
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-normalization-worker@sha256:399ca4e645c20a8fef850499a5b1c4223fc6308ca36598f778641e1efbb8eaf8
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-normalization-worker
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_NORMALIZATION_LISTENER_ENABLED
value: "true"
- name: APP_NORMALIZATION_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_NORMALIZATION_INTERNAL_ACCESS_REQUIRE_TOKEN
value: "false"
- name: APP_NORMALIZATION_WATCHDOG_ENABLED
value: "false"
- name: APP_NORMALIZATION_WATCHDOG_BATCH_SIZE
value: "25"
- name: APP_NORMALIZATION_HANLP_PREWARM_ENABLED
value: "true"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 120
periodSeconds: 5
timeoutSeconds: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
timeoutSeconds: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
timeoutSeconds: 3
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-normalization-worker
namespace: ircs-prod
labels:
app: ircs-normalization-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-normalization-worker
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/notification-worker.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-notification-worker
namespace: ircs-prod
labels:
app: ircs-notification-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-notification-worker
template:
metadata:
labels:
app: ircs-notification-worker
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-notification-worker@sha256:c0234ec40b13b3a24925ec2bcfb5b6298622335f44284003d12f09199de3fdd3
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-notification-worker
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_MAIL_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: MAIL_HOST
- name: APP_MAIL_PORT
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: MAIL_PORT
- name: APP_MAIL_FROM
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: MAIL_FROM
- name: APP_MAIL_ENABLED
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: APP_MAIL_ENABLED
- name: APP_MAIL_SEND_HISTORY_CLEANUP_ENABLED
value: "false"
- name: APP_MAIL_SEND_HISTORY_CLEANUP_DRY_RUN
value: "true"
- name: APP_MAIL_SEND_HISTORY_CLEANUP_EXECUTE_ENABLED
value: "false"
- name: APP_MAIL_SEND_HISTORY_CLEANUP_RATE_LIMIT_DELAY_MS
value: "0"
- name: APP_NOTIFICATION_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_WORKER_AUDIT_ENABLED
value: "true"
- name: APP_WORKER_AUDIT_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: APP_WORKER_AUDIT_USERNAME
value: postgres
- name: APP_WORKER_AUDIT_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: APP_WORKER_AUDIT_SOURCE
value: ircs-notification-worker
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
ircs-prod/core/manifests/observability-monitoring.yaml
+70
View File
@@ -0,0 +1,70 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: ircs-prod-service-monitor
namespace: ircs-prod
labels:
app.kubernetes.io/part-of: ircs
environment: prod
release: prometheus-stack
spec:
namespaceSelector:
matchNames:
- ircs-prod
selector:
matchExpressions:
- key: app
operator: In
values:
- ircs-admin-bff
- ircs-catalog-service
- ircs-config-service
- ircs-content-service
- ircs-credential-service
- ircs-identity-service
- ircs-interaction-service
- ircs-magnet-service
- ircs-normalization-worker
- ircs-ops-service
- ircs-portal-bff
- ircs-portal-service
- ircs-scraper-service
- ircs-search-service
- ircs-storage-service
- ircs-task-service
endpoints:
- port: http
path: /actuator/prometheus
interval: 30s
scrapeTimeout: 10s
honorLabels: true
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: ircs-prod-worker-pod-monitor
namespace: ircs-prod
labels:
app.kubernetes.io/part-of: ircs
environment: prod
release: prometheus-stack
spec:
namespaceSelector:
matchNames:
- ircs-prod
selector:
matchExpressions:
- key: app
operator: In
values:
- ircs-aggregation-worker
- ircs-ingestion-worker
- ircs-metadata-worker
- ircs-notification-worker
podMetricsEndpoints:
- port: http
path: /actuator/prometheus
interval: 30s
scrapeTimeout: 10s
honorLabels: true
ircs-prod/core/manifests/ops-service.yaml
+141
View File
@@ -0,0 +1,141 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-ops-service
namespace: ircs-prod
labels:
app: ircs-ops-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-ops-service
template:
metadata:
labels:
app: ircs-ops-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-ops-service@sha256:ec5a8ec36286e45fa4d85e07b861c7e349dd914017e1b0a03639833ab20b686f
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-ops-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: APP_OPS_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_OPS_INTERNAL_ACCESS_REQUIRE_TOKEN
value: "true"
- name: APP_OPS_INTERNAL_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: INTERNAL_CREDENTIAL_TOKEN
- name: APP_OPS_INTERNAL_ACCESS_READ_SCOPE
value: ops:read
- name: APP_OPS_INTERNAL_ACCESS_RUN_SCOPE
value: ops:run
- name: OPS_MAINTENANCE_REINDEX_DEV_LIMIT
value: "5"
- name: APP_OPS_MAINTENANCE_SCHEDULER_ENABLED
value: "false"
- name: APP_OPS_MAINTENANCE_SCHEDULER_DRY_RUN
value: "true"
- name: APP_OPS_MAINTENANCE_SCHEDULER_EXECUTE_ENABLED
value: "true"
- name: APP_OPS_MAINTENANCE_SCHEDULER_TASKS
value: search-reindex-unified
- name: APP_OPS_SEARCH_SERVICE_BASE_URL
value: http://ircs-search-service.ircs-prod.svc.cluster.local:8080
- name: APP_OPS_NORMALIZATION_WORKER_BASE_URL
value: http://ircs-normalization-worker.ircs-prod.svc.cluster.local:8080
- name: APP_OPS_NORMALIZATION_LLM_REQUEST_TIMEOUT
value: 5m
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-ops-service
namespace: ircs-prod
labels:
app: ircs-ops-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-ops-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/portal-service.yaml
+119
View File
@@ -0,0 +1,119 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-portal-service
namespace: ircs-prod
labels:
app: ircs-portal-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-portal-service
template:
metadata:
labels:
app: ircs-portal-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-portal-service@sha256:13273b98a366bf5690fb372316248d91711f41afb4906de0cf8e737ce76fc59c
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-portal-service
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_STORAGE_R2_PUBLIC_DOMAIN
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: R2_PUBLIC_DOMAIN
- name: APP_PORTAL_CONFIG_LISTENER_ENABLED
value: "true"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
cpu: 200m
memory: 384Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-portal-service
namespace: ircs-prod
labels:
app: ircs-portal-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-portal-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/postgres.yaml
+95
View File
@@ -0,0 +1,95 @@
apiVersion: v1
kind: Service
metadata:
name: postgres-svc
namespace: ircs-prod
labels:
app: postgres
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: postgres
ports:
- name: postgres
port: 5432
targetPort: postgres
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
namespace: ircs-prod
labels:
app: postgres
app.kubernetes.io/part-of: ircs
environment: prod
spec:
serviceName: postgres-svc
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
app.kubernetes.io/part-of: ircs
environment: prod
spec:
containers:
- name: postgres
image: postgres:18-alpine
imagePullPolicy: IfNotPresent
ports:
- name: postgres
containerPort: 5432
env:
- name: POSTGRES_DB
value: ircs
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
startupProbe:
exec:
command: ["pg_isready", "-U", "postgres", "-d", "ircs"]
failureThreshold: 30
periodSeconds: 5
readinessProbe:
exec:
command: ["pg_isready", "-U", "postgres", "-d", "ircs"]
periodSeconds: 10
livenessProbe:
exec:
command: ["pg_isready", "-U", "postgres", "-d", "ircs"]
periodSeconds: 30
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- metadata:
name: postgres-data
labels:
app: postgres
app.kubernetes.io/part-of: ircs
environment: prod
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 2Gi
ircs-prod/core/manifests/rabbitmq.yaml
+99
View File
@@ -0,0 +1,99 @@
apiVersion: v1
kind: Service
metadata:
name: rabbitmq-svc
namespace: ircs-prod
labels:
app: rabbitmq
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: rabbitmq
ports:
- name: amqp
port: 5672
targetPort: amqp
- name: management
port: 15672
targetPort: management
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: rabbitmq
namespace: ircs-prod
labels:
app: rabbitmq
app.kubernetes.io/part-of: ircs
environment: prod
spec:
serviceName: rabbitmq-svc
replicas: 1
selector:
matchLabels:
app: rabbitmq
template:
metadata:
labels:
app: rabbitmq
app.kubernetes.io/part-of: ircs
environment: prod
spec:
containers:
- name: rabbitmq
image: rabbitmq:4.1.8-management
imagePullPolicy: IfNotPresent
ports:
- name: amqp
containerPort: 5672
- name: management
containerPort: 15672
env:
- name: RABBITMQ_DEFAULT_USER
value: admin
- name: RABBITMQ_DEFAULT_PASS
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
startupProbe:
exec:
command: ["rabbitmq-diagnostics", "-q", "ping"]
failureThreshold: 30
periodSeconds: 10
timeoutSeconds: 10
readinessProbe:
exec:
command: ["rabbitmq-diagnostics", "-q", "ping"]
periodSeconds: 10
timeoutSeconds: 10
livenessProbe:
exec:
command: ["rabbitmq-diagnostics", "-q", "ping"]
periodSeconds: 30
timeoutSeconds: 10
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 768Mi
volumeMounts:
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
volumeClaimTemplates:
- metadata:
name: rabbitmq-data
labels:
app: rabbitmq
app.kubernetes.io/part-of: ircs
environment: prod
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
ircs-prod/core/manifests/scraper-service.yaml
+133
View File
@@ -0,0 +1,133 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-scraper-service
namespace: ircs-prod
labels:
app: ircs-scraper-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-scraper-service
template:
metadata:
labels:
app: ircs-scraper-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-scraper-service@sha256:57d7a63db890dd5be03d3981f428f23a56c46ea367ddcdcebc9d018e873ce457
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-scraper-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: APP_SCRAPER_DIRECT_ITEMS_ENABLED
value: "true"
- name: APP_SCRAPER_TASK_QUEUE_LISTENER_ENABLED
value: "true"
- name: APP_SCRAPER_TASK_QUEUE_RETRY_MAX_RETRIES
value: "3"
- name: IRCS_MESSAGING_RABBIT_TOPOLOGY_RETRY_DELAY_MS
value: "30000"
- name: APP_SCRAPER_TREND_SYNC_MAX_PROVIDER_ITEMS
value: "10"
- name: APP_SCRAPER_TREND_DISCOVERY_MAX_DATA_SOURCES
value: "1"
- name: APP_SCRAPER_CREDENTIAL_SERVICE_BASE_URL
value: http://ircs-credential-service.ircs-prod.svc.cluster.local:8080
- name: APP_SCRAPER_CREDENTIAL_SERVICE_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: SERVICE_CREDENTIAL_TOKEN
- name: APP_SCRAPER_TASK_SERVICE_BASE_URL
value: http://ircs-task-service.ircs-prod.svc.cluster.local:8080
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-scraper-service
namespace: ircs-prod
labels:
app: ircs-scraper-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-scraper-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/search-service.yaml
+149
View File
@@ -0,0 +1,149 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-search-service
namespace: ircs-prod
labels:
app: ircs-search-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-search-service
template:
metadata:
labels:
app: ircs-search-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-search-service@sha256:b935a800abe3c92320408f3410c1883f6367736117e92dd574edced6bb3434e0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-search-service
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: SPRING_ELASTICSEARCH_URIS
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: ELASTICSEARCH_URIS
- name: SPRING_ELASTICSEARCH_USERNAME
value: elastic
- name: SPRING_ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: ELASTICSEARCH_PASSWORD
- name: APP_STORAGE_R2_PUBLIC_DOMAIN
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: R2_PUBLIC_DOMAIN
- name: APP_SEARCH_LISTENER_ENABLED
value: "true"
- name: APP_SEARCH_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_SEARCH_CACHE_ENABLED
value: "true"
- name: APP_SEARCH_CACHE_PORTAL_SUGGEST_TTL
value: PT60S
- name: APP_SEARCH_CACHE_PORTAL_RECOMMEND_TTL
value: PT60S
- name: APP_SEARCH_OUTBOX_RELAY_ENABLED
value: "true"
- name: APP_SEARCH_OUTBOX_RELAY_BATCH_SIZE
value: "50"
- name: APP_SEARCH_OUTBOX_RELAY_INITIAL_DELAY_MS
value: "10000"
- name: APP_SEARCH_OUTBOX_RELAY_FIXED_DELAY_MS
value: "2000"
- name: APP_SEARCH_OUTBOX_RELAY_WORKER_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-search-service
namespace: ircs-prod
labels:
app: ircs-search-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-search-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/storage-service.yaml
+147
View File
@@ -0,0 +1,147 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-storage-service
namespace: ircs-prod
labels:
app: ircs-storage-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-storage-service
template:
metadata:
labels:
app: ircs-storage-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-storage-service@sha256:d84e61ee19b84a77a0cd1c608eb51cf673b0d8fc47571366742542ff5a00b88c
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-storage-service
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_STORAGE_BASE_PATH
value: /app/storage
- name: APP_STORAGE_LISTENER_ENABLED
value: "true"
- name: APP_STORAGE_CONFIG_LISTENER_ENABLED
value: "true"
- name: APP_STORAGE_INTERNAL_ACCESS_REQUIRE_TOKEN
value: "true"
- name: APP_STORAGE_INTERNAL_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: INTERNAL_CREDENTIAL_TOKEN
- name: APP_STORAGE_INTERNAL_ACCESS_AVATAR_SCOPE
value: storage:avatar
- name: APP_STORAGE_R2_ENABLED
value: "false"
- name: APP_STORAGE_IMAGE_MAX_UPLOAD_BYTES
value: "10485760"
- name: APP_STORAGE_R2_WATCHDOG_ENABLED
value: "false"
- name: APP_STORAGE_R2_BUCKET_NAME
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: R2_BUCKET_NAME
- name: APP_STORAGE_R2_PUBLIC_DOMAIN
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: R2_PUBLIC_DOMAIN
volumeMounts:
- name: storage-volume
mountPath: /app/storage
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
volumes:
- name: storage-volume
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: ircs-storage-service
namespace: ircs-prod
labels:
app: ircs-storage-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-storage-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/task-service.yaml
+152
View File
@@ -0,0 +1,152 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ircs-task-service
namespace: ircs-prod
labels:
app: ircs-task-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: ircs-task-service
template:
metadata:
labels:
app: ircs-task-service
app.kubernetes.io/part-of: ircs
environment: prod
annotations:
ircs.prodigalgal.com/no-public-route: "true"
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: app
image: harbor.mnnu.eu.org/ircs/ircs-task-service@sha256:74482cc394083003bb3dc52d9290e3473d3f17b1e5bad01ad91123facf31709f
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
envFrom:
- configMapRef:
name: ircs-prod-app-config
env:
- name: SPRING_APPLICATION_NAME
value: ircs-task-service
- name: SPRING_DATASOURCE_URL
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: DB_URL
- name: SPRING_DATASOURCE_USERNAME
value: postgres
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: DB_PASSWORD
- name: SPRING_RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: ircs-prod-app-config
key: RABBITMQ_HOST
- name: SPRING_RABBITMQ_USERNAME
value: admin
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: ircs-prod-secrets
key: RABBITMQ_PASSWORD
- name: SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE
value: "2"
- name: SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE
value: "0"
- name: SPRING_DATASOURCE_HIKARI_IDLE_TIMEOUT
value: "30000"
- name: APP_TASK_DEFAULT_SEED_ENABLED
value: "true"
- name: APP_TASK_SCHEDULER_ENABLED
value: "false"
- name: APP_TASK_WATCHDOG_ENABLED
value: "false"
- name: APP_TASK_RUNNER_QUEUE_CAPACITY
value: "500"
- name: APP_TASK_QUEUE_ENABLED
value: "true"
- name: APP_TASK_QUEUE_LISTENER_ENABLED
value: "true"
- name: APP_TASK_QUEUE_INITIAL_PAGE_WINDOW
value: "1"
- name: APP_TASK_QUEUE_MAX_PAGES_PER_RUN
value: "1"
- name: APP_TASK_QUEUE_RETRY_MAX_RETRIES
value: "3"
- name: IRCS_MESSAGING_RABBIT_TOPOLOGY_RETRY_DELAY_MS
value: "30000"
- name: APP_TASK_SNAPSHOT_TTL
value: "PT24H"
- name: APP_TASK_SNAPSHOT_FLUSH_ENABLED
value: "true"
- name: APP_TASK_SNAPSHOT_FLUSH_DELAY_MS
value: "30000"
- name: APP_TASK_SNAPSHOT_FLUSH_BATCH_SIZE
value: "100"
- name: APP_TASK_TREND_DISCOVERY_MAX_KEYWORDS
value: "3"
- name: APP_TASK_TREND_DISCOVERY_MAX_DATA_SOURCES
value: "1"
- name: IRCS_OUTBOUND_CIRCUIT_TASK_SCRAPER_EXECUTION_ENABLED
value: "true"
- name: IRCS_OUTBOUND_CIRCUIT_TASK_SCRAPER_EXECUTION_FAILURE_THRESHOLD
value: "5"
- name: IRCS_OUTBOUND_CIRCUIT_TASK_SCRAPER_EXECUTION_OPEN_DURATION_MS
value: "30000"
- name: IRCS_OUTBOUND_CIRCUIT_TASK_SCRAPER_EXECUTION_HALF_OPEN_MAX_CALLS
value: "1"
startupProbe:
httpGet:
path: /actuator/health/liveness
port: http
failureThreshold: 30
periodSeconds: 5
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: http
periodSeconds: 10
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: http
periodSeconds: 30
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 250m
memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
name: ircs-task-service
namespace: ircs-prod
labels:
app: ircs-task-service
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: ircs-task-service
ports:
- name: http
port: 8080
targetPort: http
ircs-prod/core/manifests/valkey.yaml
+77
View File
@@ -0,0 +1,77 @@
apiVersion: v1
kind: Service
metadata:
name: valkey-svc
namespace: ircs-prod
labels:
app: valkey
app.kubernetes.io/part-of: ircs
environment: prod
spec:
type: ClusterIP
selector:
app: valkey
ports:
- name: valkey
port: 6379
targetPort: valkey
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: valkey
namespace: ircs-prod
labels:
app: valkey
app.kubernetes.io/part-of: ircs
environment: prod
spec:
replicas: 1
selector:
matchLabels:
app: valkey
template:
metadata:
labels:
app: valkey
app.kubernetes.io/part-of: ircs
environment: prod
spec:
containers:
- name: valkey
image: valkey/valkey:8-alpine
imagePullPolicy: IfNotPresent
ports:
- name: valkey
containerPort: 6379
args:
- valkey-server
- --save
- ""
- --appendonly
- "no"
- --maxmemory
- 96mb
- --maxmemory-policy
- allkeys-lru
startupProbe:
exec:
command: ["valkey-cli", "ping"]
failureThreshold: 30
periodSeconds: 5
readinessProbe:
exec:
command: ["valkey-cli", "ping"]
periodSeconds: 10
livenessProbe:
exec:
command: ["valkey-cli", "ping"]
periodSeconds: 30
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 250m
memory: 256Mi