diff --git a/yonote-chart-service/Chart.lock b/yonote-chart-service/Chart.lock index a59078e..fe552e9 100644 --- a/yonote-chart-service/Chart.lock +++ b/yonote-chart-service/Chart.lock @@ -14,17 +14,17 @@ dependencies: - name: app repository: https://dysnix.github.io/charts version: 0.3.15 -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 11.6.6 +- name: postgres + repository: https://groundhog2k.github.io/helm-charts/ + version: 0.3.9 - name: redis - repository: https://charts.bitnami.com/bitnami - version: 16.12.1 + repository: https://groundhog2k.github.io/helm-charts/ + version: 0.7.0 - name: minio - repository: https://charts.bitnami.com/bitnami - version: 12.7.0 -- name: keycloak - repository: https://charts.bitnami.com/bitnami - version: 14.0.0 -digest: sha256:928723e189de54fafe19316743b8f9d08d7c74f9728b0c4afb1f5cd3ee1e83dc -generated: "2024-08-25T00:46:01.648512702+03:00" + repository: https://charts.min.io/ + version: 5.4.0 +- name: keycloakx + repository: https://codecentric.github.io/helm-charts + version: 1.3.2 +digest: sha256:ad0128ad6d526a8946d659481ec5dc19d1faf785919efbcc689a37ae80bc820e +generated: "2025-10-30T14:17:59.001901626+03:00" diff --git a/yonote-chart-service/Chart.yaml b/yonote-chart-service/Chart.yaml index 6256ecc..d8344f2 100644 --- a/yonote-chart-service/Chart.yaml +++ b/yonote-chart-service/Chart.yaml @@ -39,7 +39,7 @@ dependencies: version: "0.3.9" repository: https://groundhog2k.github.io/helm-charts/ condition: yonoteDatabase.enabled - alias: yonoteDatabase + alias: yonote-database - name: redis version: "0.7.0" 
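Review bot: In the Chart.yaml hunk `@@ -39,7 +39,7 @@` the context line `condition: yonoteDatabase.enabled` is left as it was while the alias becomes `yonote-database` and values.yaml in this commit renames the key to `yonote-database:`, so nothing sets the path the condition looks up any more. Helm ignores a condition whose path is absent from the values, which would leave the database subchart installed regardless of `yonote-database.enabled`. Change the line to `condition: yonote-database.enabled` so the toggle follows the alias. The dependency entry starts above the hunk.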
@@ -48,11 +48,17 @@ dependencies: alias: yonote-redis - name: minio - version: "12.7.0" + version: "5.4.0" repository: https://charts.min.io/ condition: minio.enabled alias: minio +# - name: app +# version: "0.3.15" +# repository: https://artifacts.wilix.dev/repository/helm-dysnix +# condition: keycloak.enabled +# alias: keycloak + - name: keycloakx version: "1.3.2" repository: https://codecentric.github.io/helm-charts diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index a3e9229..20dbeac 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml 
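Review bot: The commented-out `app` / `keycloak` dependency added in this hunk is dead configuration, and it leaves the URL of what looks like a private artifact repository (`artifacts.wilix.dev`) in the chart. Delete the five comment lines; if the history matters, a single line such as `# keycloak is provided by the keycloakx dependency below` is enough. The `keycloakx` entry continues past the end of the hunk, so its `condition` and `alias` are not visible here and should be checked against the `keycloak:` key used in values.yaml.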
@@ -3,26 +3,26 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.settings.userDatabase.user }}:{{ .Values.yonoteDatabase.settings.userDatabase.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.settings.userDatabase.database }}' - POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.settings.superuserPassword.password }}" - AWS_ACCESS_KEY_ID: "{{ .Values.minio.customUser }}" # Ваш идентификатор ключа доступа к AWS. - AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.customAccessKey }}" # Ваш секретный ключ доступа AWS. - OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). + DATABASE_URL: 'postgres://yonote:wsGZ6kXhr5@cnpg-yonote-pg-rw:5432/yonote' + POSTGRES_PASSWORD: "QQYw4UjOU" + AWS_ACCESS_KEY_ID: "console" # Ваш идентификатор ключа доступа к AWS. + AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS. + OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SMTP_PASSWORD: "1234" UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. 
TELEGRAM_BOT_TOKEN: "1234" - UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения - SERVICE_WORKER_PUBLIC_KEY: "1234" + UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" + LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NjAzNDA0NTYsImV4cCI6MTc2MzA2NzU5OX0.Umhd1az0qC8EXEiC8xvVuqrxG2oEePGGWa_RAYWgzSKavXy7qnaIn_pjK8J56UfP8nDLVC6rxgjPhs0g8bZfrDslYrzMuiWstUt5TDwFDfjZbqHvxzShkBZ5FUSM-qFD3qdGnfBucKdt046CY40_S0hlN3Rjl7WasnOZHnyTlHpbVeaFTwc8fsWL0IxBOxCF73F7hI4S7FC15ANwUD4WwKQDCGxYJ5ZTn5uYZII9WZ2wjWC-__xGEehZ7cHmwRAPcm471zEwkUY9sXRoMjITtTbtFkCChpp8BPC1zBUdWVPgtMqFnFbtjhtmDiCiQeebVqz9tjE_wgU6gBhNpJhXaA" # Обратитесь в отдел продаж для получения + SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker - # 1) Установить Node.js и npm + # 1) Установить Node.js и npm # 2) Выполнить команду для генерации ключей # npx web-push generate-vapid-keys # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) -yonoteDatabase: +yonote-database: settings: superuserPassword: "QQYw4UjOU" userDatabase: @@ -33,9 +33,13 @@ yonote-redis: - "--user redis:redis" minio: - #customAccessKey: "qwer-12314q-qwersa" rootPassword: "qwettaas" keycloak: - auth: - adminPassword: "root" + database: + password: password1 + #secrets: + # secrets: + # stringData: + # KEYCLOAK_ADMIN_PASSWORD: secret + # KC_DB_PASSWORD: "password1" diff --git a/yonote-chart-service/templates/configmap-initdb.yaml b/yonote-chart-service/templates/configmap-initdb.yaml index 65c5c4a..05049e9 100644 --- a/yonote-chart-service/templates/configmap-initdb.yaml +++ b/yonote-chart-service/templates/configmap-initdb.yaml 
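Review bot: The first secret-values.yaml hunk replaces the templated `DATABASE_URL`, `POSTGRES_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` with literal credentials and commits a new `OIDC_CLIENT_SECRET` plus what looks like a real signed `LICENSE_KEY`, so anyone who can read the repository or its history holds them. Treat every value added here as exposed and rotate it, then keep live values out of the tracked file: restore the `{{ .Values… }}` references or have the templates read a Secret created outside the chart, and supply real values at install time from an untracked or encrypted values file. The literal `DATABASE_URL` also points at host `cnpg-yonote-pg-rw` while values.yaml still deploys the `yonote-database` subchart, so the two can drift apart unnoticed. The same applies to `keycloak.database.password` in the second hunk of this file (`@@ -33,9 +33,13 @@`).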
@@ -3,5 +3,12 @@ kind: ConfigMap metadata: name: postgres-init-scripts data: - init.sql: | - CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}"; \ No newline at end of file + init-keycloak-db.sh: | + !/bin/bash + set -e + + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE DATABASE keycloak; + CREATE USER keycloaku WITH PASSWORD 'password1'; + GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloaku; + EOSQL diff --git a/yonote-chart-service/templates/cronjob.yaml b/yonote-chart-service/templates/cronjob.yaml index 60a2763..e0ca3e6 100644 --- a/yonote-chart-service/templates/cronjob.yaml +++ b/yonote-chart-service/templates/cronjob.yaml @@ -1,37 +1,3 @@ -{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled | toString) "true" }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: cron-calendar-events -spec: - schedule: "*/1 * * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: cron-calendar-events - image: curlimages/curl - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: yonote-secrets - command: - - /bin/sh - - -c - - >- - date; - curl - -X POST - {{ .Values.global.yonote_cron_calendar_events.url }} - -H "Content-Type: application/json" - -d ' - { - "token": "$(UTILS_SECRET)" - } - ' - restartPolicy: OnFailure -{{- end }} --- {{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled | toString) "true" }} apiVersion: batch/v1 diff --git a/yonote-chart-service/templates/mcJob.yaml b/yonote-chart-service/templates/mcJob.yaml index 4421c2b..b079ab3 100644 --- a/yonote-chart-service/templates/mcJob.yaml +++ b/yonote-chart-service/templates/mcJob.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: mc-client - image: "quay.io/minio/mc:RELEASE.2024-12-18T13-15-44Z" + image: "minio/mc:RELEASE.2025-01-17T23-25-50Z" command: ["/bin/sh", "-c"] args: - | 
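Review bot: The Keycloak database password is written in clear into a ConfigMap (`CREATE USER keycloaku WITH PASSWORD '…'`), which is readable by anything allowed to read ConfigMaps in the namespace and duplicates `keycloak.database.password` from secret-values.yaml, so the two have to be changed in lockstep. Hand it to the database container from a Secret as an environment variable and let psql do the quoting, e.g. `psql -v ON_ERROR_STOP=1 -v kc_pass="$KEYCLOAK_DB_PASSWORD" …` with `CREATE USER keycloaku WITH PASSWORD :'kc_pass';` (`KEYCLOAK_DB_PASSWORD` is a placeholder name). Separately, the first script line appears as `!/bin/bash` without the leading `#`, so it is not a shebang; it should read `#!/bin/bash`.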
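Review bot: In the mcJob.yaml hunk the new reference `minio/mc:RELEASE.2025-01-17T23-25-50Z` drops the explicit `quay.io/` registry and is pinned by tag only, so the pull goes to whatever default registry the node runtime is configured with and a re-pushed tag would be picked up silently. Keep the registry explicit and pin the digest, e.g. `image: "quay.io/minio/mc:RELEASE.2025-01-17T23-25-50Z@sha256:<digest-of-the-verified-image>"`, after confirming that the tag exists on that registry. The container spec continues outside the hunk.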
diff --git a/yonote-chart-service/templates/realm-configmap.yaml b/yonote-chart-service/templates/realm-configmap.yaml index 11d7483..7b15b13 100644 --- a/yonote-chart-service/templates/realm-configmap.yaml +++ b/yonote-chart-service/templates/realm-configmap.yaml @@ -55,11 +55,11 @@ data: "redirectUris": [ "https://*.{{ .Values.global.yonote.baseListenAddress }}/*", "http://*.{{ .Values.global.yonote.baseListenAddress }}/*", - "http://app.{{ .Values.global.yonote.baseListenAddress }}/*", - "https://app.{{ .Values.global.yonote.baseListenAddress }}/*", - "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" + "http://team.{{ .Values.global.yonote.baseListenAddress }}/*", + "https://team.{{ .Values.global.yonote.baseListenAddress }}/*", + "https://team.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" ], - "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}", + "baseUrl": "https://team.{{ .Values.global.yonote.baseListenAddress }}", "enabled": true, "publicClient": false, "protocol": "openid-connect", diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 289d5cd..932924e 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml 
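Review bot: The renamed `redirectUris` entries keep a plain `http://` URI and a trailing `/*` wildcard for the `team.` host, and they no longer line up with values.yaml in this commit, where `URL` is `https://{{ .Values.global.yonote.baseListenAddress }}` and the ingress hosts are `app.` and the bare domain, with no `team.` host defined. A redirect URI over HTTP lets the authorization code travel in clear, and the wildcard accepts any path on the host, so both widen what the identity provider will redirect to. Prefer one exact HTTPS entry for the origin the app is actually served on, e.g. `"https://{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback"` (confirm the exact callback path), and set `baseUrl` to the same origin. The client definition starts and ends outside the hunk.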
@@ -2,40 +2,43 @@ global: name: yonote-app yonote: dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: example.com # Доменный адрес для yonote + baseListenAddress: modo.lap # Доменный адрес для yonote config: plain: data: + DEBUG: http NODE_ENV: production FORCE_HTTPS: "false" PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL WEB_CONCURRENCY: "1" - + BIND_HOST: 0.0.0.0 # Хост по умолчанию PORT: "3000" # Порт по умолчанию - REDIS_URL: redis://yonote-redis-master:6379 + REDIS_URL: redis://yonote-redis:6379 DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию ENABLE_UPDATES: "false" - + AI_URL: "1234" AI_API_KEY: "1234" - URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения - COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать - + URL: 'https://{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать + + #DEPLOYMENT: 'hosted' + OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. - OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. - OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. 
Этот адрес используется для обмена авторизационным кодом на токены - OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. + OIDC_AUTH_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. + OIDC_LOGOUT_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. + OIDC_TOKEN_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены + OIDC_USERINFO_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища + AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.modo.lap' # Адрес API S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища AWS_REGION: "RU" AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища 
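Review bot: `DEBUG: http` is added next to `NODE_ENV: production` in the chart's default config, and the `example.com` placeholders are replaced by one environment's `modo.lap` names. Verbose HTTP logging in a production profile can put request URLs and headers into pod logs (what exactly is logged depends on the application and should be confirmed), so it is better left out of the defaults and enabled per deployment. The four `OIDC_*_URI` values and `AWS_S3_UPLOAD_BUCKET_URL` could be derived from the base address the way `URL` is, e.g. `'https://auth.{{ .Values.global.yonote.baseListenAddress }}/realms/yonote/protocol/openid-connect/auth'`, so a single override changes them all. The same environment-specific defaults appear in the ingress hunk `@@ -75,59 +78,59 @@` (including `cert-manager.io/cluster-issuer: selfsigned-issuer`) and in the `className: "microk8s-hostpath"` lines further down.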
@@ -43,7 +46,7 @@ global: S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. - SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд + SUBDOMAINS_ENABLED: "false" # Поддержка поддоменов для команд BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены @@ -53,20 +56,20 @@ global: RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 - SMTP_HOST: "" + SMTP_HOST: "smtp.wilix.dev" SMTP_USERNAME: "" SMTP_FROM_EMAIL: "" SMTP_REPLY_EMAIL: "" - SMTP_PORT: "" + SMTP_PORT: "456" SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ SMTP_REQUIRE_TLS: "" yonote_cron_calendar_events: - cron_enabled: "true" + cron_enabled: "false" url: http://yonote-web/api/cron.calendar_events yonote_cron_task_scheduler: - cron_enabled: "true" + cron_enabled: "false" url: http://yonote-web/api/cron.schedule ingress: 
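Review bot: In the hunk `@@ -53,20 +56,20 @@`, `SMTP_HOST` is now a real server while `SMTP_SECURE` and `SMTP_REQUIRE_TLS` stay empty, and `SMTP_PORT: "456"` looks like a transposition of 465, the implicit-TLS submission port. As written the app may attempt unencrypted delivery or fail to connect at all; which one depends on how it treats the empty values, and that is not visible here. If implicit TLS is intended use `SMTP_PORT: "465"` with `SMTP_SECURE: "true"`; for STARTTLS on 587 set `SMTP_REQUIRE_TLS: "true"`. The `yonote_cron_calendar_events` block is also kept although its CronJob template is deleted in this commit, so `cron_enabled` there no longer controls anything.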
@@ -75,59 +78,59 @@ ingress: namespace: yonote-onprem ingressClassName: traefik tls: - secretName: "you_tls_secret" - hosts: - - "app.example.com" - - "team.example.com" + secretName: "your-tls-secret" + hosts: + - "app.modo.lap" + - "modo.lap" rules: - - host: "app.example.com" - paths: - - path: / - pathType: Prefix - service: - name: yonote-web - port: 80 - - path: /realtime - pathType: Prefix - service: - name: yonote-websockets - port: 80 - - path: /whiteboard - pathType: Prefix - service: - name: yonote-whiteboard - port: 80 - - path: /collaboration - pathType: Prefix - service: - name: yonote-collaboration - port: 80 - - host: "team.example.com" - paths: - - path: / - pathType: Prefix - service: - name: yonote-web - port: 80 - - path: /realtime - pathType: Prefix - service: - name: yonote-websockets - port: 80 - - path: /whiteboard - pathType: Prefix - service: - name: yonote-whiteboard - port: 80 - - path: /collaboration - pathType: Prefix - service: - name: yonote-collaboration - port: 80 + - host: "app.modo.lap" + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 + - host: "modo.lap" + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 annotations: - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - + cert-manager.io/cluster-issuer: selfsigned-issuer # Если используете + yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web 
@@ -136,7 +139,7 @@ yonote-web: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -166,17 +169,17 @@ yonote-web: requests: cpu: 200m memory: 256Mi - + containerPorts: - containerPort: 3000 name: app protocol: TCP - + service: type: ClusterIP port: 80 targetPort: app - + envFrom: - configMapRef: name: yonote-configs @@ -185,11 +188,11 @@ yonote-web: podLabels: redis-client: 'true' - + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -200,7 +203,7 @@ yonote-web: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 @@ -216,13 +219,13 @@ yonote-websocket: fullnameOverride: yonote-websockets nameOverride: yonote-websockets name: websockets - + image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent - + command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets'] @@ -233,32 +236,32 @@ yonote-websocket: requests: cpu: 150m memory: 128Mi - + checksums: null - + envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets - + containerPorts: - containerPort: 3000 name: app protocol: TCP - + service: type: ClusterIP port: 80 targetPort: app - + podLabels: redis-client: 'true' - + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -269,7 +272,7 @@ yonote-websocket: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 
@@ -285,11 +288,11 @@ yonote-whiteboard: fullnameOverride: yonote-whiteboard nameOverride: yonote-whiteboard name: whiteboard - + image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -327,7 +330,7 @@ yonote-whiteboard: podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -338,7 +341,7 @@ yonote-whiteboard: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 @@ -358,7 +361,7 @@ yonote-worker: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -396,7 +399,7 @@ yonote-worker: podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -407,7 +410,7 @@ yonote-worker: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 @@ -427,7 +430,7 @@ yonote-collaboration: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -452,20 +455,20 @@ yonote-collaboration: type: ClusterIP port: 80 targetPort: app - + envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets - + podLabels: redis-client: 'true' - + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 
@@ -488,9 +491,9 @@ yonote-collaboration: path: /_health port: app -yonoteDatabase: +yonote-database: enabled: true - settings: + #settings: # Default postgres # superuser: @@ -498,24 +501,22 @@ yonoteDatabase: name: yonote user: yonote - name: yonote-database fullnameOverride: yonote-database nameOverride: yonote-database storage: requestedSize: 5Gi - #className: "" + className: "microk8s-hostpath" resources: limits: cpu: 2 - memory: 8Gi + memory: 5Gi requests: cpu: 500m memory: 512Mi - extraScripts: - - name: postgres-init-scripts + extraScripts: postgres-init-scripts yonote-redis: enabled: true @@ -523,8 +524,8 @@ yonote-redis: nameOverride: redis storage: - requestedSize: 5Gi - #className: "" + requestedSize: 1Gi + className: "microk8s-hostpath" resources: limits: cpu: 1 @@ -544,39 +545,41 @@ minio: users: - accessKey: console - secretKey: console123 + secretKey: qwer-12314q-qwersa policy: readwrite persistence: enabled: true - size: 5Gi - #storageClass: "" + size: 1Gi + storageClass: "microk8s-hostpath" ingress: enabled: true - hosts: 's3.example.com' + hosts: + - s3.modo.lap ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - tls: - - hosts: - - "s3.example.com" - secretName: "you_tls_secret" + # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете + #tls: + # - hosts: + # - "s3.modo.lap" + # secretName: "s3.modo.lap-tls" consoleIngress: enabled: true - hosts: 'api-s3.example.com' + hosts: + - api-s3.modo.lap ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - tls: - - hosts: - - "api-s3.example.com" - secretName: "api-s3.example.com" + # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете + #tls: + # - hosts: + # - "api-s3.modo.lap" + # secretName: "api-s3.modo.lap" resources: requests: 
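Review bot: In the minio hunk `@@ -544,39 +545,41 @@` both `tls:` blocks under `ingress` and `consoleIngress` are commented out, while `AWS_S3_UPLOAD_BUCKET_URL` earlier in this file still uses `https://api-s3.modo.lap`. Without a TLS section these hosts have no certificate of their own, so depending on the ingress controller clients either get a default certificate that fails validation or fall back to plain HTTP for object traffic and S3 credentials. Restore the blocks with the secret names actually used for these hosts. `users[].secretKey` is also a literal in the non-secret values file; the MinIO chart lets a user entry point at a Secret with `existingSecret` / `existingSecretKey` instead.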
@@ -590,58 +593,106 @@ mcJob: enabled: true keycloak: + enabled: true fullnameOverride: yonote-keycloak nameOverride: yonote-keycloak - auth: - adminUser: root + image: + repository: quay.io/keycloak/keycloak #images.updates.yonote.ru/yonote-keycloak + tag: 19.0.3 - proxy: "edge" + args: + - start-dev #--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm - command: - - /bin/bash - - -c - - | - /opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database --db-username postgres --db-password="$(DB_PASSWORD)" + cache: + stack: custom - extraEnvVars: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: yonote-database - key: postgres-password + proxy: + enabled: "false" - extraVolumes: - - name: realm-export - configMap: - name: realm-export + extraEnv: | + #- name: KC_LOG_LEVEL + # value: DEBUG + - name: KEYCLOAK_ADMIN + value: root + #valueFrom: + # secretKeyRef: + # name: {{ include "keycloak.fullname" . }}-admin-creds + # key: user + - name: KEYCLOAK_ADMIN_PASSWORD + value: keycloakadmin + #valueFrom: + # secretKeyRef: + # name: {{ include "keycloak.fullname" . 
}}-admin-creds + # key: password + - name: BASENAME_FOR_SUBDOMAIN + value: modo.lap + - name: KC_HOSTNAME_STRICT + value: "false" + #- name: KC_HOSTNAME_ADMIN + # value: auth.modo.lap/admin + - name: KC_HOSTNAME + value: auth.modo.lap + - name: KC_HOSTNAME_STRICT_HTTPS + value: "false" + - name: KC_HOSTNAME_PATH + value: "/" + #- name: KC_DB_URL + # value: jdbc:postgresql://yonote-database:5432/keycloak + - name: KC_HTTP_ENABLED + value: "true" + #- name: KC_PROXY + # value: edge + #- name: JAVA_OPTS_APPEND + # value: -Djgroups.dns.query=keycloak-headless + #- name: KC_PROXY_HEADERS + # value: "xforwarded" + - name: PROXY_ADDRESS_FORWARDING + value: "true" - extraVolumeMounts: - - name: realm-export - mountPath: /opt/bitnami/keycloak/data/import/realm-export.json - subPath: realm-export.json +# extraVolumes: | +# - name: realm-export +# configMap: +# name: realm-export + +# extraVolumeMounts: | +# - name: realm-export +# mountPath: /opt/keycloak/data/import +# readOnly: true + + http: + relativePath: "/" ingress: enabled: true - hostname: auth.example.com + hostname: auth.modo.lap ingressClassName: traefik - tls: + tls: - hosts: - - "auth.example.com" - secretName: "auth.example.com-tls" + - "auth.modo.lap" + secretName: "auth.modo.lap-tls" annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете + cert-manager.io/cluster-issuer: selfsigned-issuer #Если используете + #nginx.ingress.kubernetes.io/proxy-buffer-size: "256k" + #nginx.ingress.kubernetes.io/proxy-buffers: "8 256k" + #nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k" + #nginx.ingress.kubernetes.io/large-client-header-buffers: "8 256k" + #nginx.ingress.kubernetes.io/proxy-set-headers: | + # X-Forwarded-For: $proxy_protocol_addr + # X-Forwarded-Proto: $scheme + # Host: $host + #nginx.ingress.kubernetes.io/use-forwarded-headers: "true" rules: - - host: "auth.example.com" - paths: + - host: "auth.modo.lap" + paths: - path: / - 
pathType: Prefix + pathType: ImplementationSpecific service: name: yonote-keycloak port: http - path: /admin - pathType: Prefix + pathType: ImplementationSpecific service: name: yonote-keycloak port: http @@ -654,19 +705,27 @@ keycloak: cpu: 250m memory: 256Mi - postgresql: - enabled: false + dbchecker: + enabled: "true" - externalDatabase: - host: jdbc:postgresql://yonote-database + database: + vendor: postgres + hostname: yonote-database port: 5432 - user: postgres database: keycloak + username: keycloaku - livenessProbe: + livenessProbe: | + httpGet: + path: '{{ trimSuffix "/" .Values.http.relativePath}}/' + port: http initialDelaySeconds: 240 timeoutSeconds: 5 - readinessProbe: + # Readiness probe configuration + readinessProbe: | + httpGet: + path: '{{ trimSuffix "/" .Values.http.relativePath}}/realms/master' + port: http initialDelaySeconds: 120 - timeoutSeconds: 5 + timeoutSeconds: 1
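Review bot: In the keycloak hunk `@@ -590,58 +593,106 @@` the server is switched to `start-dev` with `KC_HTTP_ENABLED`, `KC_HOSTNAME_STRICT: "false"` and `KC_HOSTNAME_STRICT_HTTPS: "false"`, and the admin user and password become inline `value:` entries with the `secretKeyRef` alternative commented out. Development mode relaxes the hostname and HTTPS checks and is meant for local use, so it should not be the chart default for the identity provider. Run `start` behind the TLS-terminating ingress (the commented `KC_PROXY` / `edge` entry) and read the bootstrap admin credentials from a Secret as in the excerpt below; that Secret has to exist before install, and the admin password committed here should be rotated. The `extraVolumes` / `extraVolumeMounts` for `realm-export` are commented out as well, so the realm ConfigMap edited in this commit appears not to be imported any more.

```yaml
  args:
    - start
  # … unchanged: cache, proxy …
  extraEnv: |
    - name: KEYCLOAK_ADMIN
      valueFrom:
        secretKeyRef:
          name: {{ include "keycloak.fullname" . }}-admin-creds
          key: user
    - name: KEYCLOAK_ADMIN_PASSWORD
      valueFrom:
        secretKeyRef:
          name: {{ include "keycloak.fullname" . }}-admin-creds
          key: password
    # … unchanged: hostname and HTTP entries …
```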
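Review bot: In the last hunk `dbchecker.enabled: "true"` is a quoted string, and the preceding hunk sets `proxy.enabled: "false"` the same way; in a Go template `if` any non-empty string is truthy, so `"false"` would switch on what it is meant to switch off if the subchart tests the value directly (not visible here). Use YAML booleans, `enabled: true` and `enabled: false`. The readiness probe `timeoutSeconds` also drops from 5 to 1, which may mark the pod unready whenever `/realms/master` answers slowly; keep 5 unless the shorter timeout is deliberate.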