|
|
|
@@ -6,12 +6,12 @@ global:
|
|
|
|
|
username: yonote
|
|
|
|
|
|
|
|
|
|
yonote:
|
|
|
|
|
ingress:
|
|
|
|
|
ingressClassName: nginx
|
|
|
|
|
# ingress:
|
|
|
|
|
# ingressClassName: traefik
|
|
|
|
|
|
|
|
|
|
dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
|
|
|
|
|
|
|
|
|
|
baseListenAddress: example.com
|
|
|
|
|
baseListenAddress: onprem-test.stands.wilix.dev
|
|
|
|
|
|
|
|
|
|
config:
|
|
|
|
|
plain:
|
|
|
|
@@ -30,17 +30,18 @@ global:
|
|
|
|
|
|
|
|
|
|
AI_URL: "1234"
|
|
|
|
|
AI_API_KEY: "1234"
|
|
|
|
|
WEB_CONCURRENCY: "1"
|
|
|
|
|
|
|
|
|
|
URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
|
|
|
|
|
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
|
|
|
|
|
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
|
|
|
|
|
|
|
|
|
|
OIDC_DISPLAY_NAME: email
|
|
|
|
|
OIDC_SCOPES: openid email
|
|
|
|
|
OIDC_CLIENT_ID: yonote
|
|
|
|
|
OIDC_AUTH_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/auth'
|
|
|
|
|
OIDC_LOGOUT_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/logout'
|
|
|
|
|
OIDC_TOKEN_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/token'
|
|
|
|
|
OIDC_USERINFO_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/userinfo'
|
|
|
|
|
OIDC_CLIENT_ID: yonote-local
|
|
|
|
|
OIDC_AUTH_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/auth'
|
|
|
|
|
OIDC_LOGOUT_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/logout'
|
|
|
|
|
OIDC_TOKEN_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/token'
|
|
|
|
|
OIDC_USERINFO_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/userinfo'
|
|
|
|
|
|
|
|
|
|
AWS_S3_ACL: private
|
|
|
|
|
AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
|
|
|
|
@@ -77,6 +78,61 @@ global:
|
|
|
|
|
cron_enabled: "true"
|
|
|
|
|
url: http://yonote-web/api/cron.schedule
|
|
|
|
|
|
|
|
|
|
# ingress:
|
|
|
|
|
# enabled: true
|
|
|
|
|
# hostname: 'app.onprem-test.stands.wilix.dev'
|
|
|
|
|
# ingressClassName: traefik
|
|
|
|
|
# path: '/'
|
|
|
|
|
# pathType: Prefix
|
|
|
|
|
# annotations:
|
|
|
|
|
# cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
# traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd'
|
|
|
|
|
# # nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
|
|
|
# # nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
# # more_set_headers "Host $http_host";
|
|
|
|
|
# # more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
# # more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
# # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# extraTls:
|
|
|
|
|
# - hosts:
|
|
|
|
|
# - "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
# secretName: "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
ingress:
|
|
|
|
|
enabled: true
|
|
|
|
|
name: yonote-ingress
|
|
|
|
|
namespace: yonote-onprem
|
|
|
|
|
ingressClassName: traefik
|
|
|
|
|
hostname: 'app.onprem-test.stands.wilix.dev'
|
|
|
|
|
tls:
|
|
|
|
|
secretName: "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
hosts:
|
|
|
|
|
- "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
rules:
|
|
|
|
|
paths:
|
|
|
|
|
- path: /
|
|
|
|
|
pathType: Prefix
|
|
|
|
|
service:
|
|
|
|
|
name: yonote-web
|
|
|
|
|
port: 80
|
|
|
|
|
- path: /realtime
|
|
|
|
|
pathType: Prefix
|
|
|
|
|
service:
|
|
|
|
|
name: yonote-websockets
|
|
|
|
|
port: 80
|
|
|
|
|
- path: /whiteboard
|
|
|
|
|
pathType: Prefix
|
|
|
|
|
service:
|
|
|
|
|
name: yonote-whiteboard
|
|
|
|
|
port: 80
|
|
|
|
|
- path: /collaboration
|
|
|
|
|
pathType: Prefix
|
|
|
|
|
service:
|
|
|
|
|
name: yonote-collaboration
|
|
|
|
|
port: 80
|
|
|
|
|
annotations:
|
|
|
|
|
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd'
|
|
|
|
|
|
|
|
|
|
yonote-web:
|
|
|
|
|
fullnameOverride: yonote-web
|
|
|
|
|
nameOverride: yonote-web
|
|
|
|
@@ -110,8 +166,8 @@ yonote-web:
|
|
|
|
|
|
|
|
|
|
resources:
|
|
|
|
|
limits:
|
|
|
|
|
cpu: 350m
|
|
|
|
|
memory: 512Mi
|
|
|
|
|
cpu: 1
|
|
|
|
|
memory: 1Gi
|
|
|
|
|
requests:
|
|
|
|
|
cpu: 200m
|
|
|
|
|
memory: 128Mi
|
|
|
|
@@ -132,16 +188,25 @@ yonote-web:
|
|
|
|
|
- secretRef:
|
|
|
|
|
name: yonote-secrets
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
hostname: '"*.example.com"'
|
|
|
|
|
ingressClassName: nginx
|
|
|
|
|
annotations:
|
|
|
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
|
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
more_set_headers "Host $http_host";
|
|
|
|
|
more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# ingress:
|
|
|
|
|
# enabled: true
|
|
|
|
|
# hostname: 'app.onprem-test.stands.wilix.dev'
|
|
|
|
|
# ingressClassName: traefik
|
|
|
|
|
# path: '/'
|
|
|
|
|
# pathType: Prefix
|
|
|
|
|
# annotations:
|
|
|
|
|
# cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
# traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd'
|
|
|
|
|
# # nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
|
|
|
# # nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
# # more_set_headers "Host $http_host";
|
|
|
|
|
# # more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
# # more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
# # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# extraTls:
|
|
|
|
|
# - hosts:
|
|
|
|
|
# - "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
# secretName: "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
|
|
|
|
|
podLabels:
|
|
|
|
|
redis-client: 'true'
|
|
|
|
@@ -212,16 +277,25 @@ yonote-websocket:
|
|
|
|
|
port: 80
|
|
|
|
|
targetPort: app
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
hostname: '"*.example.com"'
|
|
|
|
|
ingressClassName: nginx
|
|
|
|
|
annotations:
|
|
|
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
|
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
more_set_headers "Host $http_host";
|
|
|
|
|
more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# ingress:
|
|
|
|
|
# enabled: true
|
|
|
|
|
# hostname: 'app.onprem-test.stands.wilix.dev'
|
|
|
|
|
# ingressClassName: traefik
|
|
|
|
|
# path: '/realtime'
|
|
|
|
|
# pathType: Prefix
|
|
|
|
|
# annotations:
|
|
|
|
|
# cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
# traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd'
|
|
|
|
|
# # nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
|
|
|
# # nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
# # more_set_headers "Host $http_host";
|
|
|
|
|
# # more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
# # more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
# # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# extraTls:
|
|
|
|
|
# - hosts:
|
|
|
|
|
# - "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
# secretName: "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
|
|
|
|
|
podLabels:
|
|
|
|
|
redis-client: 'true'
|
|
|
|
@@ -292,16 +366,26 @@ yonote-whiteboard:
|
|
|
|
|
port: 80
|
|
|
|
|
targetPort: app
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
hostname: '"*.example.com"'
|
|
|
|
|
ingressClassName: nginx
|
|
|
|
|
annotations:
|
|
|
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
|
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
more_set_headers "Host $http_host";
|
|
|
|
|
more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# ingress:
|
|
|
|
|
# enabled: true
|
|
|
|
|
# hostname: 'app.onprem-test.stands.wilix.dev'
|
|
|
|
|
# ingressClassName: traefik
|
|
|
|
|
# path: '/whiteboard'
|
|
|
|
|
# pathType: Prefix
|
|
|
|
|
# annotations:
|
|
|
|
|
# cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
# traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd'
|
|
|
|
|
# # nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
|
|
|
# # nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
# # more_set_headers "Host $http_host";
|
|
|
|
|
# # more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
# # more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
# # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# extraTls:
|
|
|
|
|
# - hosts:
|
|
|
|
|
# - "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
# secretName: "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
podLabels:
|
|
|
|
|
redis-client: 'true'
|
|
|
|
@@ -348,11 +432,11 @@ yonote-worker:
|
|
|
|
|
|
|
|
|
|
resources:
|
|
|
|
|
limits:
|
|
|
|
|
cpu: 500m
|
|
|
|
|
cpu: 1
|
|
|
|
|
memory: 1Gi
|
|
|
|
|
requests:
|
|
|
|
|
cpu: 250m
|
|
|
|
|
memory: 256Mi
|
|
|
|
|
cpu: 50m
|
|
|
|
|
memory: 128Mi
|
|
|
|
|
|
|
|
|
|
checksums: null
|
|
|
|
|
|
|
|
|
@@ -427,16 +511,25 @@ yonote-collaboration:
|
|
|
|
|
port: 80
|
|
|
|
|
targetPort: app
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
hostname: '"*.example.com"'
|
|
|
|
|
ingressClassName: nginx
|
|
|
|
|
annotations:
|
|
|
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
|
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
more_set_headers "Host $http_host";
|
|
|
|
|
more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# ingress:
|
|
|
|
|
# enabled: true
|
|
|
|
|
# hostname: 'app.onprem-test.stands.wilix.dev'
|
|
|
|
|
# ingressClassName: traefik
|
|
|
|
|
# path: '/collaboration'
|
|
|
|
|
# pathType: Prefix
|
|
|
|
|
# annotations:
|
|
|
|
|
# cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
# traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd'
|
|
|
|
|
# # nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
|
|
|
# # nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
|
|
|
# # more_set_headers "Host $http_host";
|
|
|
|
|
# # more_set_headers "X-Real-IP $remote_addr";
|
|
|
|
|
# # more_set_headers "X-Forwarded-Proto $scheme";
|
|
|
|
|
# # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
|
|
|
|
|
# extraTls:
|
|
|
|
|
# - hosts:
|
|
|
|
|
# - "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
# secretName: "app.onprem-test.stands.wilix.dev"
|
|
|
|
|
|
|
|
|
|
envFrom:
|
|
|
|
|
- configMapRef:
|
|
|
|
@@ -523,13 +616,18 @@ minio:
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
enabled: true
|
|
|
|
|
hostname: 's3.onprem-test.stands.wilix.dev'
|
|
|
|
|
ingressClassName: traefik
|
|
|
|
|
path: '/'
|
|
|
|
|
pathType: ImplementationSpecific
|
|
|
|
|
annotations:
|
|
|
|
|
kubernetes.io/ingress.class: nginx
|
|
|
|
|
hosts:
|
|
|
|
|
- host: s3.example.com
|
|
|
|
|
paths:
|
|
|
|
|
- path: /
|
|
|
|
|
pathType: ImplementationSpecific
|
|
|
|
|
kubernetes.io/ingress.class: traefik
|
|
|
|
|
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
|
|
|
|
extraTls:
|
|
|
|
|
- hosts:
|
|
|
|
|
- "s3.onprem-test.stands.wilix.dev"
|
|
|
|
|
secretName: "s3.onprem-test.stands.wilix.dev"
|
|
|
|
|
|
|
|
|
|
resources:
|
|
|
|
|
requests:
|
|
|
|
|
memory: 512Mi
|
|
|
|
|