diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml
index 9533b32..f53e7ee 100644
--- a/yonote-chart-service/secret-values.yaml
+++ b/yonote-chart-service/secret-values.yaml
@@ -29,7 +29,7 @@ yonoteDatabase: password: "wsGZ6kXhr5" postgresPassword: "QQYw4UjOU" -# yonote-redis: # Если используете пароль для redis +# yonote-redis: # Если используете auth для redis # auth: # password: "12345678"
@@ -40,7 +40,4 @@ minio: keycloak: auth: - adminPassword: "root" - postgresql: - auth: - password: "tT9BqYdNyd" \ No newline at end of file + adminPassword: "root" \ No newline at end of file
diff --git a/yonote-chart-service/templates/configmap-initdb.yaml b/yonote-chart-service/templates/configmap-initdb.yaml
new file mode 100644
index 0000000..65c5c4a
--- /dev/null
+++ b/yonote-chart-service/templates/configmap-initdb.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-init-scripts
+data:
+ init.sql: |
+ CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}";
\ No newline at end of file
diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml
index 5f0caa1..70f1645 100644
--- a/yonote-chart-service/values.yaml
+++ b/yonote-chart-service/values.yaml
@@ -510,11 +510,23 @@ yonoteDatabase: cpu: 500m memory: 512Mi + extraVolumes: + - name: init-scripts + configMap: + name: postgres-init-scripts + + extraVolumeMounts: + - name: init-scripts + mountPath: /docker-entrypoint-initdb.d + readOnly: true + yonote-redis: enabled: true fullnameOverride: yonote-redis nameOverride: redis architecture: standalone + image: + tag: 7.2.0-debian-11-r0 auth: enabled: false
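Review bot: The re-added `adminPassword: "root"` in secret-values.yaml (hunk `-40,7 +40,4`) keeps a guessable administrator password as the shipped value, while values.yaml keeps `adminUser: root` and this commit switches Keycloak to `kc.sh start` behind an ingress. I would replace the value with an obvious placeholder and put the comment `# set a unique admin password before installing` above it, so that a copy of this file is not deployed with root/root by accident.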
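Review bot: Nothing in templates/configmap-initdb.yaml says that scripts under `/docker-entrypoint-initdb.d` are typically executed by the PostgreSQL image only when it initialises an empty data directory, so a release upgraded on top of an existing yonote-database volume would never get the `keycloak` database and Keycloak would fail to connect. I would add a template comment such as `{{- /* runs only on first initialisation of an empty data directory; create the database manually when upgrading */ -}}` and describe the manual step in the upgrade notes. The database name is also spliced into the quoted identifier as-is; `{{ .Values.keycloak.externalDatabase.database | replace "\"" "\"\"" }}` would keep an embedded double quote from breaking the statement.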
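Review bot: The `configMap.name: postgres-init-scripts` reference under `extraVolumes` in values.yaml (hunk `-510,11 +510,23`) only works because the new template hard-codes the same literal, so two releases installed in one namespace would share and overwrite a single ConfigMap. If yonoteDatabase is the Bitnami PostgreSQL subchart (the indentation is lost here, so I cannot tell where these keys sit), its `primary.initdb.scriptsConfigMap` value is the supported way to attach init scripts and avoids shadowing the whole `/docker-entrypoint-initdb.d` directory. At minimum a comment like `# must match metadata.name in templates/configmap-initdb.yaml` above the volume would document the coupling.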
@@ -587,28 +599,26 @@ mcJob: enabled: true keycloak: + fullnameOverride: yonote-keycloak + nameOverride: yonote-keycloak + auth: adminUser: root - fullnameOverride: yonote-keycloak - nameOverride: yonote-keycloak + proxy: "edge" command: - /bin/bash - -c - | - /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \ - /opt/bitnami/keycloak/bin/kc.sh start-dev + /opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database --db-username postgres --db-password="$(DB_PASSWORD)" extraEnvVars: - - name: KC_DB_PASSWORD - value: "{{ .Values.keycloak.postgresql.auth.password }}" - - name: KEYCLOAK_PRODUCTION - value: "true" - - name: KC_HOSTNAME_URL - value: "https://auth.example.com" - - name: KC_HOSTNAME_ADMIN_URL - value: "https://auth.example.com" + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: yonote-database + key: postgres-password extraVolumes: - name: realm-export
@@ -624,14 +634,13 @@ keycloak: enabled: true hostname: auth.example.com ingressClassName: traefik - tls: true - annotations: - kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - extraTls: + tls: - hosts: - "auth.example.com" - secretName: "you_tls_secret" + secretName: "auth.example.com-tls" + annotations: + kubernetes.io/ingress.class: traefik + # cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете rules: - host: "auth.example.com" paths:
@@ -646,8 +655,6 @@ keycloak: name: yonote-keycloak port: http - proxy: "edge" - resources: limits: cpu: 1
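Review bot: Passing the database password as `--db-password="$(DB_PASSWORD)"` in the new `kc.sh start` line puts the secret on the command line. Kubernetes substitutes `$(VAR)` references in `command` before the container starts, so the value is presumably pasted into the bash script text, where it appears in the process arguments and where a password containing `"`, `$` or a backtick would be interpreted by the shell. Keycloak can read the password from its environment, so I would name the variable `- name: KC_DB_PASSWORD` (keeping the `secretKeyRef`) and drop the `--db-password=…` flag from the command. The keycloak block continues outside this hunk.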
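Review bot: In the ingress hunk (`-624,14 +634,13`) `tls:` changes from the boolean `true` to a list of `hosts`/`secretName` entries while `extraTls:` is removed, and whether the keycloak subchart accepts a list there is not visible in this diff. If this is the Bitnami chart, `ingress.tls` is a boolean switch and custom entries belong under `ingress.extraTls`, so the list may only take effect because it is truthy and the secret name happens to be `auth.example.com-tls`. I would keep `tls: true` and leave the hosts and `secretName` under `extraTls:`, or add a comment naming the chart version that accepts the list form.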
@@ -657,13 +664,18 @@ keycloak: memory: 256Mi postgresql: - enabled: true - auth: - database: keycloak - username: keycloak - name: keycloak-database - fullnameOverride: keycloak-database - nameOverride: keycloak-database - primary: - persistence: - size: 5Gi \ No newline at end of file + enabled: false + + externalDatabase: + host: jdbc:postgresql://yonote-database + port: 5432 + user: postgres + database: keycloak + + livenessProbe: + initialDelaySeconds: 240 + timeoutSeconds: 5 + + readinessProbe: + initialDelaySeconds: 120 + timeoutSeconds: 5
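Review bot: `user: postgres` under `externalDatabase` (together with `--db-username postgres` in the start command of the earlier hunk) makes the ingress-exposed Keycloak log in to the shared yonote-database instance as the PostgreSQL superuser, so a compromise of Keycloak would reach the application's data as well. A dedicated role that owns only the `keycloak` database, created by the init script with its password taken from a Secret, would limit that; the value here would then read `user: keycloak`. Separately, `host: jdbc:postgresql://yonote-database` carries a JDBC scheme in a field that normally holds a bare host name, so if the chart builds the JDBC URL from host, port and database the result would be malformed; `host: yonote-database` matches what `--db-url-host` already uses.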