chore: initial import for test contour

2026-05-27 19:36:33 +03:00
commit 11596ee01b
36 changed files with 2816 additions and 0 deletions
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: adminpanel
+description: Sova admin panel SPA
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
@@ -0,0 +1,77 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: adminpanel-env-js
+  namespace: {{ .Values.namespace }}
+data:
+  env.js: |
+    window.__ENV__ = {
+      API_BASE_URL: {{ .Values.runtimeEnv.API_BASE_URL | quote }}
+    };
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: adminpanel
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: adminpanel
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: adminpanel
+  template:
+    metadata:
+      labels:
+        app: adminpanel
+    spec:
+      containers:
+        - name: adminpanel
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: env-js
+              mountPath: /config/env.js
+              subPath: env.js
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: env-js
+          configMap:
+            name: adminpanel-env-js
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: adminpanel
+  namespace: {{ .Values.namespace }}
+spec:
+  selector:
+    app: adminpanel
+  ports:
+    - port: 80
+      targetPort: 80
+---
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: adminpanel
+  namespace: {{ .Values.namespace }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: adminpanel
+                port:
+                  number: 80
+{{- end }}
@@ -0,0 +1,8 @@
+ingress:
+  host: admin.stage.sova.local
+
+runtimeEnv:
+  API_BASE_URL: https://api.stage.sova.local
+
+image:
+  tag: adminpanel-v0.0.0-stage
@@ -0,0 +1,8 @@
+ingress:
+  host: admin.test.sova.local
+
+runtimeEnv:
+  API_BASE_URL: http://api.test.sova.local
+
+image:
+  tag: local-test
@@ -0,0 +1,24 @@
+namespace: sova-test
+
+image:
+  repository: sova-adminpanel
+  tag: local-test
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+ingress:
+  enabled: true
+  className: nginx
+  host: admin.test.sova.local
+
+runtimeEnv:
+  API_BASE_URL: http://api.test.sova.local
+
+resources:
+  requests:
+    cpu: 50m
+    memory: 64Mi
+  limits:
+    cpu: 200m
+    memory: 128Mi
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: backend
+description: Sova Symfony backend
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCkU4Upp//lZHH6
+P6AYzl5lT4p/R3lBVPKnCHyvPH/fq34740YUc8eoOLCT9Sr7+DNuIRJa5YLQUqo1
+BsmOYUI6I97mzAuIQQczuMbC+srXq9ivRbGvvteUuP4ZS/Tu3rd2hUFk4D0ytUdG
+emgwOs+CrzOcVtCfgwBohYYHwMmODjdP/VkrGHP2cJtjKcT4HzW/iSfR/YVMa4fD
+ujNPB2kOplAYbJZUkQ0wZfHbFYJ7bnn7eln/XEsxKDsWtvtOKbjKITW/FRjIl+W8
+rY9rfb2jtrZoKS7WlDhdz4MvzDz0CEaHQi5SugNH1yoJ27PP27IO1XorCr/Mp05c
+kK5d8QJaeGz+0OlLw5MHG6ep5YqbYdY8oTkSNJpfH/5ndp6B+pL2z0640sURKPLv
+Rslfs7HcizcRhuCvtirrzoitfLfyC3QciW7yglS21F9bMtoy/M/9ea7HrhjRFI2O
+hYX7CU6xAywEVqNtlWQ48gWR8AxgtV60e91FEgNC/YZWJvx2jd3+PEkX7+rqg21N
+Z/8B95Y2woOhedcB9jzx+Tcd/O8jKzk3rH6/vbVS8rrQxDRCXFwS5FB5Mz/FfWm6
+Vhife1FC/Umag+5YpM6lkR5i16AlStqfOdGIr2JXox9gYNk2kJmyJWCG/Rwdd8rZ
+06Z2XRTEH77j7yeMbmUadu3o5J3zbwIDAQABAoICAAlr5ncgdDoFO8myyy2Q63WY
+jWLFyMx3n9/2yxtK9zPuQ7MQUUzL5JcfBPS+ukOvE9fNGp3OieUC0FJw/K5moiLu
+OpH2AfVCcTTEc9TrByU9a5OFBe6DHR4gSyVNJxJo/5DSjBDKEIgvP5JpYz7cqFgg
+Tm+4xIZYvvW/LhOUuJml9ALojiu7364x/568XtgxBeZg6UEPbYyXn7WXn+h4jsvx
+uibkVuwrUtvDBI5gmdYU2/aQqcdL1d3QJi8jt53gI4GnTMsTXRPnLZtXQiFSGMTh
+rWyka9SOs/qg8q8TYS1GqjCIGVrR4m1Eh1sAVztkJ73U/IeqOpvzvbjt7KljL5TD
+tZFcgV4pVYUDMuz2/4wFY8//9ubx7lweizwmdF+XZ/favmUSwVwLYPA8ouY6Z9SA
+ZM9kCupe/evsJzd9xQ0Hkh47HAZJzhMPUscq3knMw524BAFMy4a+mcXIspiVsXmP
+Ngmf6yVPk6oinU3nF5Hab1sFqMAvcJVroE/wd/af7bTbA+jSMs8k2pLF89aERy8O
+iCvERF6KEEcbzKnTiTKpXTBqHgVVRqHAyu92rMtNh1wUWBOgmTs/YdNbvTCAOQRc
+PXekp86EEAF48oACllxIRteAM3RwGYT1uESlD7o31wLuGoXb04pLcoEIawq5554J
+QaZWMUyhTKvy9N2P6StdAoIBAQDf+MVPo02src4+GpPOB1Soc6PiHFbytn9Xr4+Y
+QaMM0EkSD5r0WGxQlF2GO2spP3olDzuRMyl8lKiY32dy9oAx5qRThFkTt63lHEjP
+aqNlqH6TAnFCPydjeeo/mfP+xNkw3eTFuiDalnZAqttYYcLV4vQ73jRqNzfV1Iqu
+FU1dii6yHbKwUo/v8ONUGjIkwJcRcGt3+gZ9eFfc8cd8Llsljho3CHAxEXmfP3dJ
+EgVXqal4DOdZLTd1BRZ5R0/8O7zjzgdh4GT/7+eMYGsJ8kFzp+RrVHwUgLuFOvJ8
+fy8OhST4ClEl7sNhhwAdlxpStuBsThwKdpSIT2hMEYRLmeQ1AoIBAQC70zpIksOe
+qr4dFkF2SAkawTzAadPC+fqh5HHDJKBDiFdemK/Ch5GvL40urZO07BJUn/bgbzDd
+JevcgMtWDw8WJQFOu4c4BCjTnLKwddFDu/yx5BSwZrljGa3Y9KBzfUF6phdB09tp
+5ouokdRfW8slM12HLI19z3Wpoy0m8t96opWLrzR1rop+qEgc6dsF6yoMw1d/Ylxb
+lijN5wC2kw1oo1RIbq761+YJnZoG63aIUFSpzyMGmvZd5EzSUoDlnn6NuZTT8kd0
+DZ0UpwLM8Eq+A/ktVDrLMEvgfcQWrLh45q5qubejpLVHxoahplxZyI03ziWvgZiC
+bGi20Dr8O2WTAoIBACQH0j4oiENiRo6JGgQH+9+JkvC6HGa5Yy0JCjG1RXS3QToN
+lqD+ZJZl99GzV17wXkb991g5gdAP3juRnQPKkf71GrRw0x+v6eK0tSXhAt5Ex/AA
+cZX1sPF42G1Y5/6xTjtlRvtkIQrpL6bhlZ3XRE/CTgYfjhEURwA4TAMLXEHTDAYN
+bwSck5lHCFssR6rP7L2adz960nZ22LOrlartji4xeRgnXF0YcZdjz13K718V5TRx
+5vnao1RI+D+UcFKkjZOcPmXJgpYF0xsrG60i8tKXTNDTa46k0wXw4LeUgk50rujU
+SA+xJG9ZF3SrLUnnL51cx3gLcYOoOqAaJU1AOY0CggEAKwyd5jZlSb+etXH9bQvT
+smMp9nwLAjxjeqmufWiupuvgApmCZ1bFSF7gwBseqLAW/3hukEBL9dQUPET01fO7
+pHq00wPeWTNy3BWlSxal8R1sLKW3LDtPMGyZUQm4oN/Lmz3oRLk3KA2kYu2RvI2A
+gTVFsY6/m19qe4gf+DZgjG4pUovEvVhU+/S8GoxrG+8rgyNesZ6sxn0jOxZALpiD
+0UDmN3fO+UV0vy11OTLMxy+KSCVmxMPNxfVmuioYywhJv1gSyYVVZT8dirdAyBIn
+P2gPu5j7pMicC4cn436RBXzx6xpIAeTle97/ypsjvZxe6bSBJLnSZ8pLMeOGMXu3
+qwKCAQBciBLuwfG7zLjMZ+yP02c9tIkBbKlAmDbxZa254Fc0g20z1VCEvoXbZzZN
+zobFHqh+/3MV6srOZ9b2mZ1Bsa27JFe1IomjWbaIYxDhowwkSL4sjyz6zeXJ25pc
+f3eInXcOO9x/CIt3jEKUk/D9pBt7xCzomL5QxSVZLcotx29mPxk/SOq/a2iSp26o
+Wd3KHlxMA99QFQqIWwbLi/wAmi/z/mEBW5ga/dYhylIZuSAjVOiAjgJKyciIWN2
+bVJ3DHJncIjvfmcG7pgb74dF/qDfyTaoVjGgKARFQQ35RnFbtsmbKrXJodXu0P7D
+Qj4/0IvpjRaHVLVf2Nscjx/7Km6N
+-----END PRIVATE KEY-----
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFOFKaf/5WRx+j+gGM5e
+ZU+Kf0d5QVTypwh8rzx/36t+O+NGFHPHqDiwk/Uq+/gzbiESWuWC0FKqNQbJjmFC
+OiPe5swLiEEHM7jGwvrK16vYr0Wxr77XlLj+GUv07t63doVBZOA9MrVHRnpoMDrP
+gq8znFbQn4MAaIWGB8DJjg43T/1ZKxhz9nCbYynE+B81v4kn0f2FTGuHw7ozTwdp
+DqZQGGyWVJENMGXx2xWCe255+3pZ/1xLMSg7Frb7Tim4yiE1vxUYyJflvK2Pa329
+o7a2aCku1pQ4Xc+DL8w89AhGh0IuUroDR9cqCduzz9uyDtV6Kwq/zKdOXJCuXfEC
+Wnhs/tDpS8OTBxunqeWKm2HWPKE5EjSaXx/+Z3aegfqS9s9OuNLFESjy70bJX7Ox
+3Is3EYbgr7Yq686IrXy38gt0HIlu8oJUttRfWzLaMvzP/Xmux64Y0RSNjoWF+wlO
+sQMsBFajbZVkOPIFkfAMYLVetHvdRRIDQv2GVib8do3d/jxJF+/q6oNtTWf/AfeW
+NsKDoXnXAfY88fk3HfzvIys5N6x+v721UvK60MQ0QlxcEuRQeTM/xX1pulYYn3tR
+Qv1JmoPuWKTOpZEeYtegJUranznRiK9iV6MfYGDZNpCZsiVghv0cHXfK2dOmdl0U
+xB++4+8njG5lGnbt6OSd828CAwEAAQ==
+-----END PUBLIC KEY-----
@@ -0,0 +1,232 @@
+{{- if .Values.jwt.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: backend-jwt
+  namespace: {{ .Values.namespace }}
+type: Opaque
+data:
+  private.pem: {{ .Files.Get "jwt/private.pem" | b64enc }}
+  public.pem: {{ .Files.Get "jwt/public.pem" | b64enc }}
+---
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: backend-env
+  namespace: {{ .Values.namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-10"
+    helm.sh/hook-delete-policy: before-hook-creation
+type: Opaque
+stringData:
+{{- range $key, $val := .Values.secrets }}
+  {{ $key }}: {{ $val | quote }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backend-nginx-config
+  namespace: {{ .Values.namespace }}
+data:
+  default.conf: |
+    server {
+        listen 8080;
+        server_name _;
+        root /app/public;
+        index index.php;
+        client_max_body_size 108M;
+        location / {
+            try_files $uri /index.php$is_args$args;
+        }
+        location ~* \.(?:jpg|jpeg|gif|png|ico|css|js|svg|woff2)$ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+            access_log off;
+            try_files $uri =404;
+        }
+        location ~ ^/index\.php(/|$) {
+            fastcgi_pass 127.0.0.1:9000;
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+            fastcgi_param DOCUMENT_ROOT $realpath_root;
+            fastcgi_param HTTP_PROXY "";
+            internal;
+        }
+        location ~ \.php$ {
+            return 404;
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: backend
+    env: test
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+        env: test
+    spec:
+      containers:
+        - name: php-fpm
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - containerPort: 9000
+              name: fpm
+          envFrom:
+            - secretRef:
+                name: backend-env
+          env:
+            - name: JWT_SECRET_KEY
+              value: /app/config/jwt/private.pem
+            - name: JWT_PUBLIC_KEY
+              value: /app/config/jwt/public.pem
+{{- range $key, $val := .Values.env }}
+            - name: {{ $key }}
+              value: {{ $val | quote }}
+{{- end }}
+          volumeMounts:
+            - name: app-public
+              mountPath: /app/public
+            - name: jwt-keys
+              mountPath: /app/config/jwt
+              readOnly: true
+          resources:
+            {{- toYaml .Values.resources.php | nindent 12 }}
+        - name: nginx
+          image: {{ .Values.nginx.image }}
+          ports:
+            - containerPort: 8080
+              name: http
+          volumeMounts:
+            - name: app-public
+              mountPath: /app/public
+              readOnly: true
+            - name: nginx-config
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+          resources:
+            {{- toYaml .Values.resources.nginx | nindent 12 }}
+      initContainers:
+        - name: copy-public
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command: ["sh", "-c", "cp -a /app/public/. /public/"]
+          volumeMounts:
+            - name: app-public
+              mountPath: /public
+      volumes:
+        - name: app-public
+          emptyDir: {}
+        - name: nginx-config
+          configMap:
+            name: backend-nginx-config
+        - name: jwt-keys
+          secret:
+            secretName: backend-jwt
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+  namespace: {{ .Values.namespace }}
+spec:
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080
+---
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: backend
+  namespace: {{ .Values.namespace }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: backend
+                port:
+                  number: 80
+{{- end }}
+---
+{{- if .Values.migrate.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: backend-migrate
+  namespace: {{ .Values.namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "0"
+    helm.sh/hook-delete-policy: before-hook-creation
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: migrate
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command: ["php", "bin/console", "doctrine:migrations:migrate", "--no-interaction"]
+          envFrom:
+            - secretRef:
+                name: backend-env
+          env:
+{{- range $key, $val := .Values.env }}
+            - name: {{ $key }}
+              value: {{ $val | quote }}
+{{- end }}
+{{- end }}
+---
+{{- if .Values.cronjobs.clearScheduleCache.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backend-clear-schedule-cache
+  namespace: {{ .Values.namespace }}
+spec:
+  schedule: {{ .Values.cronjobs.clearScheduleCache.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: 3600
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: console
+              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+              command: {{ .Values.cronjobs.clearScheduleCache.command | toJson }}
+              envFrom:
+                - secretRef:
+                    name: backend-env
+              env:
+{{- range $key, $val := .Values.env }}
+                - name: {{ $key }}
+                  value: {{ $val | quote }}
+{{- end }}
+{{- end }}
@@ -0,0 +1,10 @@
+ingress:
+  host: api.stage.sova.local
+
+image:
+  tag: backend-v0.0.0-stage
+
+env:
+  API_PUBLIC_URL: https://api.stage.sova.local
+  API_BASE_URL: https://api.stage.sova.local
+  INTEGRATIONS_STUB_MODE: "true"
@@ -0,0 +1,9 @@
+ingress:
+  host: api.test.sova.local
+
+image:
+  tag: local-test
+
+env:
+  API_PUBLIC_URL: http://api.test.sova.local
+  API_BASE_URL: http://api.test.sova.local
@@ -0,0 +1,79 @@
+namespace: sova-test
+
+image:
+  repository: sova-backend
+  tag: local-test
+  pullPolicy: IfNotPresent
+
+nginx:
+  image: nginx:1.27-alpine
+
+replicaCount: 1
+
+ingress:
+  enabled: true
+  className: nginx
+  host: api.test.sova.local
+  tls: false
+
+resources:
+  php:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+  nginx:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 200m
+      memory: 128Mi
+
+env:
+  APP_ENV: prod
+  APP_DEBUG: "0"
+  MIS_URL: http://mis-mock.sova-mocks.svc.cluster.local:8080
+  WIDGET_API_URL: http://mis-mock.sova-mocks.svc.cluster.local:8080
+  BITRIX_URL: http://mis-mock.sova-mocks.svc.cluster.local:8080
+  SMARTCAPTCHA_URL: http://mis-mock.sova-mocks.svc.cluster.local:8080
+  CT_URL: http://mis-mock.sova-mocks.svc.cluster.local:8080
+  API_PUBLIC_URL: http://api.test.sova.local
+  API_BASE_URL: http://api.test.sova.local
+  INTEGRATIONS_STUB_MODE: "true"
+  MAILER_DSN: smtp://mailpit.sova-mocks.svc.cluster.local:1025
+  MESSENGER_TRANSPORT_DSN: doctrine://default?auto_setup=0
+  CORS_ALLOW_ORIGIN: "['http://admin.test.sova.local','https://admin.test.sova.local']"
+
+secrets:
+  APP_SECRET: change-me-test-secret
+  DATABASE_URL: postgresql://sova_test:sova_test_pass@postgresql-test.sova-data-test.svc.cluster.local:5432/sova_backend_test?serverVersion=16&charset=utf8
+  DATABASE_CABINET_URL: postgresql://sova_test:sova_test_pass@postgresql-test.sova-data-test.svc.cluster.local:5432/sova_cabinet_test?serverVersion=16&charset=utf8
+  DATABASE_BITRIX_URL: mysql://bitrix_test:bitrix_test_pass@mysql-bitrix-test.sova-data-test.svc.cluster.local:3306/sova_bitrix_test?serverVersion=8.0
+  REDIS_URL: redis://:redis_test_pass@redis-test-master.sova-data-test.svc.cluster.local:6379/0
+  JWT_PASSPHRASE: ""
+  AES_SECRET_KEY: test-aes-secret-key-32bytes-min!!
+  MAILER_ACCESS_TOKEN: test-mailer-token
+  SMSRU_URL: http://noop.invalid
+  SMSRU_TOKEN: noop
+  SMSRU_SENDER: noop
+  SMS4B_URL: http://noop.invalid
+  SMS4B_TOKEN: noop
+  SMS4B_SENDER: noop
+  CT_PARAMS: "91:1:token"
+  SMARTCAPTCHA_KEY: test-key
+  API_CLIENT: sova-test-bot
+
+migrate:
+  enabled: false
+
+jwt:
+  enabled: true
+
+cronjobs:
+  clearScheduleCache:
+    enabled: true
+    schedule: "0 */6 * * *"
+    command: ["php", "bin/console", "app:schedule:clear-cache"]