Transcity/poc-reports
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
poc-reports/sds/app/sds-api.yaml
Paul-Henry PERRIN d1057513ad Add superset
2026-01-27 14:48:39 +01:00

402 lines
9.6 KiB
YAML
Raw Permalink Blame History

---
apiVersion: db-caretaker.dev/v1alpha1
kind: Database
metadata:
name: sds
spec:
dropOnDelete: true
name: sds
serverRef:
name: pg-common
namespace: commons
---
apiVersion: db-caretaker.dev/v1alpha1
kind: DatabaseUser
metadata:
name: sds-api
spec:
databaseRef:
name: sds
login: sdsapi
role: dbowner
secret: sds-api-db-credentials
secretConnectionStringKey: connectionString
secretConnectionStringFormat: postgres://{login}:{password_urlsafe}@{server}:{port}/{database}
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
name: sds-agents
spec:
realm: sds-agents
displayName: "SDS Agents"
loginWithEmailAllowed: true
bruteForceDetection:
enabled: true
excludeDefaultRoles:
- client: account
name: manage-account
- client: account
name: view-profile
roles:
- name: "sds:admin"
- name: "sds:agent"
- name: "sds:helpdesk"
- name: "sds:reporting"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
name: sds-agents-api
spec:
realm: sds-agents
clientId: sds-api
name: SDS Api
publicClient: false
standardFlowEnabled: true
serviceAccountsEnabled: true
clientSecretName: sds-agents-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
name: sds-agents-api
spec:
realm: sds-agents
name: sds-api
clientRoles:
realm-management:
- manage-realm
- manage-users
- manage-clients
- view-users
realmRoles:
- sds:admin
users:
- service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
name: sds-agents-ui
spec:
realm: sds-agents
clientId: sds-ui-admin
name: SDS UI
publicClient: true
standardFlowEnabled: true
serviceAccountsEnabled: true
clientSecretName: sds-agents-ui-client-credentials
redirectUris:
- "*"
webOrigins:
- "*"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
name: sds-third-parties
spec:
realm: sds-third-parties
displayName: "SDS Third Parties"
loginWithEmailAllowed: true
bruteForceDetection:
enabled: true
excludeDefaultRoles:
- client: account
name: manage-account
- client: account
name: view-profile
roles:
- name: "sds:administration"
- name: "sds:standard"
- name: "sds:third-parties"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
name: sds-third-parties-api
spec:
realm: sds-third-parties
clientId: sds-api
name: SDS Api
publicClient: false
standardFlowEnabled: true
serviceAccountsEnabled: true
clientSecretName: sds-third-parties-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
name: sds-third-parties-api
spec:
realm: sds-third-parties
name: sds-api
clientRoles:
realm-management:
- manage-realm
- manage-users
- manage-clients
- view-users
users:
- service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
name: sds-customers
spec:
realm: sds-customers
displayName: "SDS Customers"
loginWithEmailAllowed: true
bruteForceDetection:
enabled: true
excludeDefaultRoles:
- client: account
name: manage-account
- client: account
name: view-profile
roles:
- name: "sds:admin"
- name: "sds:customer"
- name: "sds:ui"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
name: sds-customers-api
spec:
realm: sds-customers
clientId: sds-api
name: SDS Api
publicClient: false
standardFlowEnabled: true
serviceAccountsEnabled: true
clientSecretName: sds-customers-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
name: sds-customers-api
spec:
realm: sds-customers
name: sds-api
clientRoles:
realm-management:
- manage-realm
- manage-users
- manage-clients
- view-users
users:
- service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
name: sds-retailers
spec:
realm: sds-retailers
displayName: "SDS Retailers"
loginWithEmailAllowed: true
bruteForceDetection:
enabled: true
excludeDefaultRoles:
- client: account
name: manage-account
- client: account
name: view-profile
roles:
- name: "sds:retailer"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
name: sds-retailers-api
spec:
realm: sds-retailers
clientId: sds-api
name: SDS Api
publicClient: false
standardFlowEnabled: true
serviceAccountsEnabled: true
clientSecretName: sds-retailers-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
name: sds-retailers-api
spec:
realm: sds-retailers
name: sds-api
clientRoles:
realm-management:
- manage-realm
- manage-users
- manage-clients
- view-users
users:
- service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
name: sds-docs
spec:
realm: sds-docs
displayName: "SDS Docs"
loginWithEmailAllowed: true
bruteForceDetection:
enabled: true
excludeDefaultRoles:
- client: account
name: manage-account
- client: account
name: view-profile
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sds-api
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: sds-api
app.kubernetes.io/name: sds-api
template:
metadata:
labels:
app.kubernetes.io/instance: sds-api
app.kubernetes.io/name: sds-api
spec:
containers:
- name: api
image: registry.dev.k8s.transcity/sds/api:latest
imagePullPolicy: Always
env:
- name: SERVER_PORT
value: "3000"
- name: EVENTS_TURNIT_ENABLED
value: "false"
- name: EVENTS_AZURE_ENABLED
value: "false"
- name: SDS_PUPPETEER_API_URL
value: "http://sds-puppeteer:3000"
- name: PRINT_REPORT_URL
value: "http://sds-ui-admin:3000"
- name: REDIS_HOST
value: "valkey"
- name: ELASTICSEARCH_URL
value: "http://elastic:GTRNZHCJTiGJ2CfY@elasticsearch-master:9200"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: sds-api-db-credentials
key: connectionString
- name: KEYCLOAK_URL
value: "https://keycloak.alpha.k8s.transcity"
- name: KEYCLOAK_AGENTS_REALM
value: sds-agents
- name: KEYCLOAK_AGENTS_CLIENT_ID
valueFrom:
secretKeyRef:
name: sds-agents-api-client-credentials
key: clientId
- name: KEYCLOAK_AGENTS_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sds-agents-api-client-credentials
key: clientSecret
- name: PRINTER_REALM
value: sds-agents
- name: PRINTER_CLIENT_ID
valueFrom:
secretKeyRef:
name: sds-agents-api-client-credentials
key: clientId
- name: PRINTER_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sds-agents-api-client-credentials
key: clientSecret
- name: KEYCLOAK_THIRD_PARTY_REALM
value: sds-third-parties
- name: KEYCLOAK_THIRD_PARTY_CLIENT_ID
valueFrom:
secretKeyRef:
name: sds-third-parties-api-client-credentials
key: clientId
- name: KEYCLOAK_THIRD_PARTY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sds-third-parties-api-client-credentials
key: clientSecret
- name: KEYCLOAK_CUSTOMERS_REALM
value: sds-customers
- name: KEYCLOAK_CUSTOMERS_CLIENT_ID
valueFrom:
secretKeyRef:
name: sds-customers-api-client-credentials
key: clientId
- name: KEYCLOAK_CUSTOMERS_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sds-customers-api-client-credentials
key: clientSecret
- name: KEYCLOAK_RETAILERS_REALM
value: sds-retailers
- name: KEYCLOAK_RETAILERS_CLIENT_ID
valueFrom:
secretKeyRef:
name: sds-retailers-api-client-credentials
key: clientId
- name: KEYCLOAK_RETAILERS_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sds-retailers-api-client-credentials
key: clientSecret
- name: AZ_STORAGE_CONNECTION_STRING
value: "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://azurite:10000/devstoreaccount1;"
- name: NODE_EXTRA_CA_CERTS
value: /etc/ssl/certs/ca-certificates.crt
ports:
- name: http
containerPort: 3000
readinessProbe:
exec:
command: [ "wget", "-O", "/dev/null", "-q", "http://127.0.0.1:3000/health" ]
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
volumeMounts:
- name: root-ca-bundle
mountPath: /etc/ssl/certs/ca-certificates.crt
subPath: ca.crt
readOnly: true
volumes:
- name: root-ca-bundle
secret:
secretName: root-ca-bundle
---
apiVersion: v1
kind: Service
metadata:
name: sds-api
spec:
ports:
- name: http
port: 3000
targetPort: http
selector:
app.kubernetes.io/instance: sds-api
app.kubernetes.io/name: sds-api
type: ClusterIP
Reference in New Issue View Git Blame Copy Permalink