diff --git a/README.md b/README.md
index 94ce5b2..dfe8125 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,50 @@ -# onprem-deploy +# Yonote Helm Chart +## Обзор + +Этот Helm chart позволяет развернуть **Yonote** в Kubernetes. Он предоставляет быстрый и простой способ установки, настройки и управления приложением с помощью Helm. + +## Требования + +- Kubernetes cluster +- Helm +- Ingress Controller (nginx/traefik) + +## Установка + +### 1. Добавление репозиториев Helm + +Перед установкой зависимостей, необходимо добавить репозитории, из которых будут загружаться чарты: + +```bash +helm repo add dysnix https://dysnix.github.io/charts +helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo update +``` + +### 2. Выполните сборку зависимостей Helm chart + +```bash +helm dependency build +``` + +### 3. Настройка значений + +Перед развертыванием приложения через Helm необходимо внести валидные значения в файлы values.yaml и secret-values.yaml. Эти файлы содержат параметры конфигурации, которые будут использованы при установке приложения. + +Настройте необходимые параметры. В файлах values.yaml и secret-values.yaml вы найдете различные секции, каждая из которых соответствует определенной части конфигурации приложения. Внимательно изучите комментарии в этих файлах; они указывают на места, где необходимо внести изменения. Обратите особое внимание на секцию ingress, так как её настройка важна для правильной работы приложения. Вам потребуется заменить или настроить значения в этой секции в соответствии с вашими требованиями. + +Более подробно ознакомиться с переменными вы можете по следующей ссылке: https://yo.yonote.ru/doc/peremennye-okruzheniya-mOI8Jl6B05 + +### 4. Запуск приложения + +После настройки значений выполните команду: + +```bash +helm install app -f values.yaml -f secret-values.yaml -n yonote-onprem . +``` +После выполнения команды начнётся установка приложения и всех дополнительных сервисов к нему. Остаётся только подождать, пока все сервисы запустятся. 
+ +### Обратная связь + +Если у вас есть вопросы или вам нужна помощь, пишите на email: hello@yonote.ru \ No newline at end of file diff --git a/yonote-chart-mono/Chart.lock b/yonote-chart-mono/Chart.lock new file mode 100644 index 0000000..b42e272 --- /dev/null +++ b/yonote-chart-mono/Chart.lock @@ -0,0 +1,18 @@ +dependencies: +- name: app + repository: https://dysnix.github.io/charts + version: 0.3.15 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 11.6.6 +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 16.12.1 +- name: minio + repository: https://charts.bitnami.com/bitnami + version: 12.7.0 +- name: keycloak + repository: https://charts.bitnami.com/bitnami + version: 14.0.0 +digest: sha256:b12099844193a7a06a5d15b80774592b1cf73af191b654154a9c7a6e8d51a2e0 +generated: "2024-08-25T04:02:50.20628049+03:00" diff --git a/yonote-chart-mono/Chart.yaml b/yonote-chart-mono/Chart.yaml new file mode 100644 index 0000000..14e7f59 --- /dev/null +++ b/yonote-chart-mono/Chart.yaml 
@@ -0,0 +1,40 @@ +apiVersion: v2 +name: yonote-chart +version: 1.2.0 +description: + Generic application Helm chart. + This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart. +maintainers: + - name: Dysnix + email: support@dysnix.com + url: https://github.com/dysnix/charts/tree/main/dysnix/app + +dependencies: + - name: app + version: "0.3.15" + repository: https://dysnix.github.io/charts + alias: yonote-web + + - name: postgresql + version: "11.6.6" + repository: https://charts.bitnami.com/bitnami + condition: yonoteDatabase.enabled + alias: yonoteDatabase + + - name: redis + version: "16.12.1" + repository: https://charts.bitnami.com/bitnami + condition: yonote-redis.enabled + alias: yonote-redis + + - name: minio + version: "12.7.0" + repository: https://charts.bitnami.com/bitnami + condition: minio.enabled + alias: minio + + - name: keycloak + version: "14.0.0" + repository: https://charts.bitnami.com/bitnami + condition: keycloak.enabled + alias: keycloak \ No newline at end of file diff --git a/yonote-chart-mono/secret-values.yaml b/yonote-chart-mono/secret-values.yaml new file mode 100644 index 0000000..2c6663b --- /dev/null +++ b/yonote-chart-mono/secret-values.yaml 
@@ -0,0 +1,45 @@ +global: + yonote: + config: + secret: + stringData: + DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}' + POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}" + AWS_ACCESS_KEY_ID: "{{ .Values.minio.auth.rootUser }}" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу + AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.auth.rootPassword }}" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу + OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). + SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. + SMTP_PASSWORD: "1234" + UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. 
+ TELEGRAM_BOT_TOKEN: "1234" + UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" + LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения + SERVICE_WORKER_PUBLIC_KEY: "1234" + SERVICE_WORKER_PRIVATE_KEY: "1234" + # Генерация ключей (web-push) Service Worker + # 1) Установить Node.js и npm + # 2) Выполнить команду для генерации ключей + # npx web-push generate-vapid-keys + # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) + +yonoteDatabase: + global: + postgresql: + auth: + password: "wsGZ6kXhr5" + postgresPassword: "QQYw4UjOU" + +# yonote-redis: # Если используете пароль для redis +# auth: +# password: "12345678" + +minio: + auth: + rootPassword: "12345678" + +keycloak: + auth: + adminPassword: "root" + postgresql: + auth: + password: "tT9BqYdNyd" \ No newline at end of file diff --git a/yonote-chart/templates/configmap.yaml b/yonote-chart-mono/templates/configmap.yaml similarity index 100% rename from yonote-chart/templates/configmap.yaml rename to yonote-chart-mono/templates/configmap.yaml diff --git a/yonote-chart/templates/cronjob.yaml b/yonote-chart-mono/templates/cronjob.yaml similarity index 94% rename from yonote-chart/templates/cronjob.yaml rename to yonote-chart-mono/templates/cronjob.yaml index 21de386..60a2763 100644 --- a/yonote-chart/templates/cronjob.yaml +++ b/yonote-chart-mono/templates/cronjob.yaml @@ -29,7 +29,7 @@ spec: { "token": "$(UTILS_SECRET)" } - ' + ' restartPolicy: OnFailure {{- end }} --- @@ -64,6 +64,6 @@ spec: { "token":"$(UTILS_SECRET)", "limit":"200" } - ' + ' restartPolicy: OnFailure {{- end }} \ No newline at end of file diff --git a/yonote-chart-mono/templates/ingress.yaml b/yonote-chart-mono/templates/ingress.yaml new file mode 100644 index 0000000..04bc8a6 --- /dev/null +++ b/yonote-chart-mono/templates/ingress.yaml 
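Review bot: This new secret-values.yaml commits concrete credential values to the repository (`OIDC_CLIENT_SECRET`, `SECRET_KEY`, `UTILS_SECRET`, `UNSPLASH_API_ACCESS_KEY`, both PostgreSQL passwords), and its defaults for MinIO (`rootPassword: "12345678"`) and Keycloak (`adminPassword: "root"`) will be deployed as-is by anyone who runs the README's `helm install` without editing every field. Replace each value with an obvious placeholder such as `SECRET_KEY: "<CHANGE_ME>"`, or ship the file as `secret-values.yaml.example` and keep the real one out of version control. If any committed value was ever real (the Unsplash key has the shape of a live key, though that cannot be confirmed from here), treat it as exposed and rotate it. The byte-identical file added at yonote-chart-service/secret-values.yaml (same blob 2c6663b) needs the same change, and an install-time `required`/`fail` guard in the templates on a placeholder value would stop weak defaults from reaching a cluster.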
@@ -0,0 +1,34 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Values.ingress.name }} + namespace: {{ .Values.ingress.namespace }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.ingressClassName }} + tls: + - secretName: "{{ .Values.ingress.tls.secretName }}" + hosts: + {{- range .Values.ingress.tls.hosts }} + - "{{ . }}" + {{- end }} + rules: + {{- range .Values.ingress.rules }} + - host: "{{ .host }}" + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ .service.name }} + port: + number: {{ .service.port | int }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/yonote-chart-mono/templates/mcJob.yaml b/yonote-chart-mono/templates/mcJob.yaml new file mode 100644 index 0000000..7835bd2 --- /dev/null +++ b/yonote-chart-mono/templates/mcJob.yaml @@ -0,0 +1,39 @@ +{{- if .Values.mcJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: yonote-minio-mc-job + labels: + app: yonote-minio +spec: + template: + metadata: + labels: + app: yonote-minio + spec: + containers: + - name: mc-client + image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0" + command: ["/bin/sh", "-c"] + args: + - | + until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do + echo "Waiting for MinIO to be ready..." + sleep 5 + done + if ! mc ls myminio/yonote-bucket; then + mc mb myminio/yonote-bucket + else + echo "Bucket yonote-bucket already exists." + fi + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" + restartPolicy: OnFailure + backoffLimit: 5 + ttlSecondsAfterFinished: 100 +{{- end }} \ No newline at end of file 
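Review bot: The annotation line `{{ $key }}: "{{ $value }}"` in ingress.yaml wraps the raw value in double quotes without escaping, so a value containing a double quote or a newline renders as broken or altered YAML; the nginx snippet annotations this commit adds in values.yaml contain both. Use `{{ $key }}: {{ $value | quote }}` so Helm escapes the value, and quote `path` the same way. The template also reads `.Values.ingress.tls.secretName`, `.paths` and `.service.name`, while values.yaml appears to define `tls` as a list and to nest paths under `http.paths[].backend.service` (indentation is lost in this view, so confirm); if so, `helm template` would fail or emit empty hosts and backends. `namespace: {{ .Values.ingress.namespace }}` can diverge from the `-n` release namespace, so `{{ .Release.Namespace }}` is safer. The same template is added under yonote-chart-service/templates/ingress.yaml.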
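Review bot: In mcJob.yaml the MinIO root user and password are rendered straight into the container `args`, so they are stored in clear text in the Job and Pod specs and are readable by anyone who can `get` or `describe` pods in the namespace; being unquoted, a password with shell metacharacters would also change the command. Pass them as environment variables sourced from the MinIO Secret and reference them quoted in the script, as sketched below; the secret name and key names are assumed from the subchart's `fullnameOverride` and should be confirmed. Using the root account only to create one bucket is broader than needed, so a dedicated service account for the application would be a better follow-up. The same template is added under yonote-chart-service/templates/mcJob.yaml.

```yaml
      containers:
        - name: mc-client
          # … unchanged: image, command …
          env:
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: yonote-minio   # assumed secret name; confirm against the minio subchart
                  key: root-user       # assumed key; confirm
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: yonote-minio
                  key: root-password   # assumed key; confirm
          args:
            - |
              until mc alias set myminio http://yonote-minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"; do
              # … unchanged: wait loop body and bucket creation …
```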
diff --git a/yonote-chart-mono/templates/realm-configmap.yaml b/yonote-chart-mono/templates/realm-configmap.yaml
new file mode 100644
index 0000000..11d7483
--- /dev/null
+++ b/yonote-chart-mono/templates/realm-configmap.yaml
@@ -0,0 +1,169 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: realm-export +data: + realm-export.json: | + { + "realm": "yonote", + "enabled": true, + "notBefore": 1647809856, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": true, + "rememberMe": true, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "clients": [ + { + "clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}", + "secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", + "redirectUris": [ + "https://*.{{ .Values.global.yonote.baseListenAddress }}/*", + "http://*.{{ .Values.global.yonote.baseListenAddress }}/*", + "http://app.{{ .Values.global.yonote.baseListenAddress }}/*", + "https://app.{{ 
.Values.global.yonote.baseListenAddress }}/*", + "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" + ], + "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}", + "enabled": true, + "publicClient": false, + "protocol": "openid-connect", + "attributes": { + "client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", + "display.on.consent.screen": "true" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "protocolMappers": [ + { + "name": "oidc-display-name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": ["openid", "email"] + } + ], + "identityProviders": [], + "internationalizationEnabled": true, + "clientScopes": [ + { + "name": "openid", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}" + }, + "protocolMappers": [] + }, + { + "name": "email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "56fe6d23-690a-465c-bc36-99bff8fef6eb", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + 
} + }, + { + "id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + } + ], + "browserSecurityHeaders": { + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" + }, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "smtpServer": {} + } \ No newline at end of file diff --git a/yonote-chart/templates/secret.yaml b/yonote-chart-mono/templates/secret.yaml similarity index 100% rename from yonote-chart/templates/secret.yaml rename to yonote-chart-mono/templates/secret.yaml 
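Review bot: The client's `redirectUris` accept `https://*.<base>/*` and also plain `http://*.<base>/*`, so an authorization code can be returned to any host or path under the domain, including over unencrypted HTTP; drop the `http://` entries and narrow the rest to the callback path, e.g. `"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback"`, adding per-team hosts only if subdomain login needs them. The realm also ships with `"bruteForceProtected": false` while `"registrationAllowed": true` and `"verifyEmail": false`, which leaves password guessing unthrottled and lets unverified addresses register; `"bruteForceProtected": true` and `"verifyEmail": true` are safer defaults for an internet-facing realm. Finally, the OIDC client secret is rendered into a `ConfigMap`, which is not access-controlled as a secret; the realm export should be a `kind: Secret` mounted the same way. The same file is added under yonote-chart-service/templates/realm-configmap.yaml, whose hunk lies outside this view.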
diff --git a/yonote-chart-mono/values.yaml b/yonote-chart-mono/values.yaml
new file mode 100644
index 0000000..6c6fe4e
--- /dev/null
+++ b/yonote-chart-mono/values.yaml
@@ -0,0 +1,390 @@ +global: + name: yonote-app + yonote: + dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` + baseListenAddress: example.com # Доменный адрес для yonote + + config: + plain: + data: + DEPLOYMENT: hosted + NODE_ENV: production + FORCE_HTTPS: "false" + PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL + + BIND_HOST: 0.0.0.0 # Хост по умолчанию + PORT: "3000" # Порт по умолчанию + + REDIS_URL: redis://yonote-redis-master:6379 + + DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию + ENABLE_UPDATES: "false" + + AI_URL: "1234" + AI_API_KEY: "1234" + WEB_CONCURRENCY: "1" + + URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать + + OIDC_DISPLAY_NAME: email + OIDC_SCOPES: openid email + OIDC_CLIENT_ID: yonote + OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. + OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. + OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены + OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. 
+ + AWS_S3_ACL: private + AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища + AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища + AWS_REGION: "ru_RU" + AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища + AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 + S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean + S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. + + SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд + BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста + NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены + + TELEGRAM_API_URL: https://api.telegram.org + + UNSPLASH_API_BASENAME: https://api.unsplash.com + + RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 + + SMTP_HOST: "" + SMTP_USERNAME: "" + SMTP_FROM_EMAIL: "" + SMTP_REPLY_EMAIL: "" + SMTP_PORT: "" + SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ + SMTP_REQUIRE_TLS: "" + + yonote_cron_calendar_events: + cron_enabled: "true" + url: http://yonote-web/api/cron.calendar_events + + yonote_cron_task_scheduler: + cron_enabled: "true" + url: http://yonote-web/api/cron.schedule + +yonote-web: + fullnameOverride: yonote-web + nameOverride: yonote-web + name: web + image: + registry: 
images.updates.yonote.ru + repository: yonote + tag: 1.19.5 + pullPolicy: IfNotPresent + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi + +ingress: + enabled: true + name: yonote-ingress + namespace: yonote-onprem + ingressClassName: nginx + tls: + - secretName: "you_tls_secret" + hosts: + - "app.example.com" + - "team.example.com" + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/server-snippets: | + location /realtime { + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header Connection "upgrade"; + proxy_cache_bypass $http_upgrade; + } + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "Host $http_host"; + more_set_headers "X-Real-IP $remote_addr"; + more_set_headers "X-Forwarded-Proto $scheme"; + more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + cert-manager.io/cluster-issuer: "" + + rules: + - host: "app.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: yonote-web + port: + number: 80 + - path: /realtime + pathType: Prefix + backend: + service: + name: yonote-websockets + port: + number: 80 + - path: /whiteboard + pathType: Prefix + backend: + service: + name: yonote-whiteboard + port: + number: 80 + - path: /collaboration + pathType: Prefix + backend: + service: + name: yonote-collaboration + port: + number: 80 + + - host: "team.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: yonote-web + port: + number: 80 + - path: /realtime + pathType: Prefix + backend: + service: + name: yonote-websockets + port: + number: 80 + - path: /whiteboard + pathType: Prefix + backend: + service: + name: yonote-whiteboard + port: + number: 80 + - path: /collaboration + 
pathType: Prefix + backend: + service: + name: yonote-collaboration + port: + number: 80 + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + service: + type: ClusterIP + port: 80 + targetPort: app + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + podLabels: + redis-client: 'true' + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonoteDatabase: + enabled: true + global: + postgresql: + auth: + database: "yonote" + username: "yonote" + name: yonote-database + fullnameOverride: yonote-database + nameOverride: yonote-database + + primary: + persistence: + size: 500Mi + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + +yonote-redis: + enabled: true + fullnameOverride: yonote-redis + nameOverride: redis + architecture: standalone + + auth: + enabled: false + + master: + persistence: + size: 200Mi + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + +minio: + enabled: true + name: minio + fullnameOverride: yonote-minio + nameOverride: yonote-minio + auth: + rootUser: admin + + persistence: + enabled: true + size: 500Mi + + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "Host $http_host"; + more_set_headers "X-Real-IP $remote_addr"; + more_set_headers "X-Forwarded-Proto $scheme"; + 
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + hosts: + - host: s3.example.com + paths: + - path: / + pathType: ImplementationSpecific + + resources: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + + buckets: + - name: yonote-bucket + policy: none + +mcJob: + enabled: true + +keycloak: + auth: + adminUser: root + + fullnameOverride: yonote-keycloak + nameOverride: yonote-keycloak + + command: + - /bin/bash + - -c + - | + /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \ + /opt/bitnami/keycloak/bin/kc.sh start-dev + + extraEnvVars: + - name: KC_DB_PASSWORD + value: "tT9BqYdNyd" + - name: KEYCLOAK_PRODUCTION + value: "true" + - name: KC_HOSTNAME_URL + value: "https://auth.example.com" + - name: KC_HOSTNAME_ADMIN_URL + value: "https://auth.example.com" + + extraVolumes: + - name: realm-export + configMap: + name: realm-export + + extraVolumeMounts: + - name: realm-export + mountPath: /opt/bitnami/keycloak/data/import/realm-export.json + subPath: realm-export.json + + ingress: + enabled: true + hostname: auth.example.com + ingressClassName: traefik + tls: true + annotations: + kubernetes.io/ingress.class: traefik + # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете + extraTls: + - hosts: + - "auth.example.com" + secretName: "you_tls_secret" + rules: + - host: "auth.example.com" + paths: + - path: / + pathType: Prefix + service: + name: yonote-keycloak + port: http + - path: /admin + pathType: Prefix + service: + name: yonote-keycloak + port: http + + proxy: "edge" + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 150m + memory: 128Mi + + postgresql: + enabled: true + auth: + database: keycloak + username: keycloak + name: keycloak-database + fullnameOverride: keycloak-database + nameOverride: keycloak-database + primary: + persistence: + size: 512Mi \ No newline at end of file 
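Review bot: The Keycloak `command` override ends in `kc.sh start-dev`, which runs the server in development mode even though `KEYCLOAK_PRODUCTION` is set to `"true"` and the instance is published through an ingress with `/admin` routed; use `kc.sh start` for anything reachable by users and consider not exposing `/admin` on the public host. `KC_DB_PASSWORD` is set with a literal `value: "tT9BqYdNyd"`, repeating the password from secret-values.yaml in a file that is not treated as secret; source it with `valueFrom: secretKeyRef` from the Keycloak PostgreSQL secret instead. `yonote-redis` has `auth: enabled: false`, so any pod in the cluster network can read and write the cache unless a NetworkPolicy restricts it. The annotation key `nginx.ingress.kubernetes.io/server-snippets` does not match ingress-nginx's `server-snippet`, so that block is probably ignored, and snippet annotations in general only work where the controller has them enabled.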
diff --git a/yonote-chart/.helmignore b/yonote-chart-service/.helmignore similarity index 97% rename from yonote-chart/.helmignore rename to yonote-chart-service/.helmignore index 0e8a0eb..691fa13 100644 --- a/yonote-chart/.helmignore +++ b/yonote-chart-service/.helmignore @@ -20,4 +20,4 @@ .project .idea/ *.tmproj -.vscode/ +.vscode/ \ No newline at end of file diff --git a/yonote-chart/Chart.lock b/yonote-chart-service/Chart.lock similarity index 59% rename from yonote-chart/Chart.lock rename to yonote-chart-service/Chart.lock index 2584b69..a59078e 100644 --- a/yonote-chart/Chart.lock +++ b/yonote-chart-service/Chart.lock @@ -18,7 +18,13 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.6.6 - name: redis - repository: https://artifacts.wilix.dev/repository/helm-bitnami + repository: https://charts.bitnami.com/bitnami version: 16.12.1 -digest: sha256:b235eee18e9704d2eccffe52ea8a37d5431039378ae03ef2e2b738661f2a5711 -generated: "2024-07-11T17:41:36.715623176+03:00" +- name: minio + repository: https://charts.bitnami.com/bitnami + version: 12.7.0 +- name: keycloak + repository: https://charts.bitnami.com/bitnami + version: 14.0.0 +digest: sha256:928723e189de54fafe19316743b8f9d08d7c74f9728b0c4afb1f5cd3ee1e83dc +generated: "2024-08-25T00:46:01.648512702+03:00" diff --git a/yonote-chart/Chart.yaml b/yonote-chart-service/Chart.yaml similarity index 58% rename from yonote-chart/Chart.yaml rename to yonote-chart-service/Chart.yaml index 3a3f06b..a70fa48 100644 --- a/yonote-chart/Chart.yaml +++ b/yonote-chart-service/Chart.yaml @@ -1,6 +1,13 @@ apiVersion: v2 name: yonote-chart version: 1.2.0 +description: + Generic application Helm chart. + This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart. +maintainers: + - name: Dysnix + email: support@dysnix.com + url: https://github.com/dysnix/charts/tree/main/dysnix/app dependencies: - name: app 
@@ -31,11 +38,23 @@ dependencies: - name: postgresql version: "11.6.6" repository: https://charts.bitnami.com/bitnami - condition: yonote-database.enabled - alias: yonote-database + condition: yonoteDatabase.enabled + alias: yonoteDatabase - name: redis version: "16.12.1" repository: https://charts.bitnami.com/bitnami condition: yonote-redis.enabled alias: yonote-redis + + - name: minio + version: "12.7.0" + repository: https://charts.bitnami.com/bitnami + condition: minio.enabled + alias: minio + + - name: keycloak + version: "14.0.0" + repository: https://charts.bitnami.com/bitnami + condition: keycloak.enabled + alias: keycloak \ No newline at end of file diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml new file mode 100644 index 0000000..2c6663b --- /dev/null +++ b/yonote-chart-service/secret-values.yaml 
@@ -0,0 +1,45 @@ +global: + yonote: + config: + secret: + stringData: + DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}' + POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}" + AWS_ACCESS_KEY_ID: "{{ .Values.minio.auth.rootUser }}" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу + AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.auth.rootPassword }}" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу + OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). + SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. + SMTP_PASSWORD: "1234" + UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. 
+ TELEGRAM_BOT_TOKEN: "1234" + UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" + LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения + SERVICE_WORKER_PUBLIC_KEY: "1234" + SERVICE_WORKER_PRIVATE_KEY: "1234" + # Генерация ключей (web-push) Service Worker + # 1) Установить Node.js и npm + # 2) Выполнить команду для генерации ключей + # npx web-push generate-vapid-keys + # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) + +yonoteDatabase: + global: + postgresql: + auth: + password: "wsGZ6kXhr5" + postgresPassword: "QQYw4UjOU" + +# yonote-redis: # Если используете пароль для redis +# auth: +# password: "12345678" + +minio: + auth: + rootPassword: "12345678" + +keycloak: + auth: + adminPassword: "root" + postgresql: + auth: + password: "tT9BqYdNyd" \ No newline at end of file diff --git a/yonote-chart-service/templates/configmap.yaml b/yonote-chart-service/templates/configmap.yaml new file mode 100644 index 0000000..52ca6f9 --- /dev/null +++ b/yonote-chart-service/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: yonote-configs + labels: + {{- include "common.labels.standard" $ | nindent 4 }} + {{- with .Values.global.yonote.config.plain.data }} +data: + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} + {{- end }} \ No newline at end of file diff --git a/yonote-chart-service/templates/cronjob.yaml b/yonote-chart-service/templates/cronjob.yaml new file mode 100644 index 0000000..60a2763 --- /dev/null +++ b/yonote-chart-service/templates/cronjob.yaml 
@@ -0,0 +1,69 @@ +{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled | toString) "true" }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: cron-calendar-events +spec: + schedule: "*/1 * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: cron-calendar-events + image: curlimages/curl + imagePullPolicy: IfNotPresent + envFrom: + - secretRef: + name: yonote-secrets + command: + - /bin/sh + - -c + - >- + date; + curl + -X POST + {{ .Values.global.yonote_cron_calendar_events.url }} + -H "Content-Type: application/json" + -d ' + { + "token": "$(UTILS_SECRET)" + } + ' + restartPolicy: OnFailure +{{- end }} +--- +{{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled | toString) "true" }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: cron-task-scheduler +spec: + schedule: "0 */1 * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: cron-task-scheduler + image: curlimages/curl + imagePullPolicy: IfNotPresent + envFrom: + - secretRef: + name: yonote-secrets + command: + - /bin/sh + - -c + - >- + date; + curl + -X POST + {{ .Values.global.yonote_cron_task_scheduler.url }} + -H "Content-Type: application/json" + -d ' + { + "token":"$(UTILS_SECRET)", "limit":"200" + } + ' + restartPolicy: OnFailure +{{- end }} \ No newline at end of file diff --git a/yonote-chart-service/templates/ingress.yaml b/yonote-chart-service/templates/ingress.yaml new file mode 100644 index 0000000..04bc8a6 --- /dev/null +++ b/yonote-chart-service/templates/ingress.yaml 
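Review bot: Both CronJobs use `image: curlimages/curl` with no tag, so together with `imagePullPolicy: IfNotPresent` each node keeps running whichever `latest` it pulled first and the image content is not reproducible; pin a version or digest, e.g. `image: curlimages/curl:<PINNED_TAG>`. Each container also loads the entire `yonote-secrets` Secret through `envFrom` although the command only expands `UTILS_SECRET`; a single `env` entry with `secretKeyRef` for that key keeps the database, S3 and OIDC credentials out of a pod that only calls one endpoint. Adding `--fail` to the curl call would make a rejected token show up as a failed Job instead of a silent success.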
@@ -0,0 +1,34 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Values.ingress.name }} + namespace: {{ .Values.ingress.namespace }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.ingressClassName }} + tls: + - secretName: "{{ .Values.ingress.tls.secretName }}" + hosts: + {{- range .Values.ingress.tls.hosts }} + - "{{ . }}" + {{- end }} + rules: + {{- range .Values.ingress.rules }} + - host: "{{ .host }}" + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ .service.name }} + port: + number: {{ .service.port | int }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/yonote-chart-service/templates/mcJob.yaml b/yonote-chart-service/templates/mcJob.yaml new file mode 100644 index 0000000..7835bd2 --- /dev/null +++ b/yonote-chart-service/templates/mcJob.yaml @@ -0,0 +1,39 @@ +{{- if .Values.mcJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: yonote-minio-mc-job + labels: + app: yonote-minio +spec: + template: + metadata: + labels: + app: yonote-minio + spec: + containers: + - name: mc-client + image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0" + command: ["/bin/sh", "-c"] + args: + - | + until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do + echo "Waiting for MinIO to be ready..." + sleep 5 + done + if ! mc ls myminio/yonote-bucket; then + mc mb myminio/yonote-bucket + else + echo "Bucket yonote-bucket already exists." + fi + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "200m" + restartPolicy: OnFailure + backoffLimit: 5 + ttlSecondsAfterFinished: 100 +{{- end }} \ No newline at end of file 
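Review bot: The annotation loop in ingress.yaml emits `{{ $key }}: "{{ $value }}"`, which wraps the value in literal quotes instead of escaping it, so a value containing a double quote or backslash renders as invalid or altered YAML. Using `{{ $key | quote }}: {{ $value | quote }}` lets Helm do the escaping. The same applies to `name`, `namespace`, `ingressClassName` and `path`, which are inserted unquoted. The `tls:` block is also rendered unconditionally, so a deployment without a TLS secret still references `.Values.ingress.tls.secretName`; wrapping it in `{{- with .Values.ingress.tls }}` would make it optional.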
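Review bot: In mcJob.yaml the MinIO root password is templated straight into the container `args` (`mc alias set … {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}`). The rendered Job and Pod specs therefore carry it in plaintext, readable by anyone who can get Jobs or Pods in the namespace and stored in the Helm release manifest. It is also spliced unquoted into a `/bin/sh -c` script, so a password containing spaces or shell metacharacters breaks the command or is interpreted by the shell. Reading both values from a Secret into environment variables and quoting them in the script avoids both problems; the Secret name and keys below are placeholders for whatever the MinIO subchart actually creates. A dedicated, bucket-scoped MinIO user for this job would be preferable to the root account if the chart can provision one.

```yaml
# … unchanged: container name, image, command …
env:
  - name: MINIO_ROOT_USER
    valueFrom:
      secretKeyRef:
        name: "<minio-credentials-secret>"  # placeholder
        key: "<root-user-key>"              # placeholder
  - name: MINIO_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: "<minio-credentials-secret>"  # placeholder
        key: "<root-password-key>"          # placeholder
args:
  - |
    until mc alias set myminio http://yonote-minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"; do
    # … unchanged: wait loop body and bucket creation …
```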
diff --git a/yonote-chart-service/templates/realm-configmap.yaml b/yonote-chart-service/templates/realm-configmap.yaml new file mode 100644 index 0000000..11d7483 --- /dev/null +++ b/yonote-chart-service/templates/realm-configmap.yaml 
@@ -0,0 +1,169 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: realm-export +data: + realm-export.json: | + { + "realm": "yonote", + "enabled": true, + "notBefore": 1647809856, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": true, + "rememberMe": true, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "clients": [ + { + "clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}", + "secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", + "redirectUris": [ + "https://*.{{ .Values.global.yonote.baseListenAddress }}/*", + "http://*.{{ .Values.global.yonote.baseListenAddress }}/*", + "http://app.{{ .Values.global.yonote.baseListenAddress }}/*", + "https://app.{{ 
.Values.global.yonote.baseListenAddress }}/*", + "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" + ], + "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}", + "enabled": true, + "publicClient": false, + "protocol": "openid-connect", + "attributes": { + "client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", + "display.on.consent.screen": "true" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "protocolMappers": [ + { + "name": "oidc-display-name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": ["openid", "email"] + } + ], + "identityProviders": [], + "internationalizationEnabled": true, + "clientScopes": [ + { + "name": "openid", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}" + }, + "protocolMappers": [] + }, + { + "name": "email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "56fe6d23-690a-465c-bc36-99bff8fef6eb", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + 
} + }, + { + "id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + } + ], + "browserSecurityHeaders": { + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" + }, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "smtpServer": {} + } \ No newline at end of file diff --git a/yonote-chart-service/templates/secret.yaml b/yonote-chart-service/templates/secret.yaml new file mode 100644 index 0000000..96a343f --- /dev/null +++ b/yonote-chart-service/templates/secret.yaml 
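Review bot: The OIDC client secret is written into a ConfigMap: both `"secret"` and `"client.secret"` in `realm-export.json` are filled from `OIDC_CLIENT_SECRET`, and ConfigMaps are neither access-restricted nor encrypted the way Secrets usually are. Declaring the object as `kind: Secret` with `stringData:` instead of `data:` keeps the realm file out of ConfigMap read permissions; the Keycloak `extraVolumes` entry in values.yaml would then need `secret:` in place of `configMap:`. The values are also interpolated into JSON without escaping, so a secret or display name containing `"` or `\` yields a broken import file; `{{ … | toJson }}` without the surrounding quotes handles that. The realm settings themselves deserve a comment or tighter defaults: `redirectUris` accepts plain `http://` and wildcard hosts, `registrationAllowed` is `true` while `verifyEmail` is `false`, and `bruteForceProtected` is `false`.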
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: yonote-secrets + labels: + {{- include "common.labels.standard" $ | nindent 4 }} +type: Opaque + {{- with .Values.global.yonote.config.secret.data }} +data: + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.global.yonote.config.secret.stringData }} +stringData: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} + {{- end }} \ No newline at end of file diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml new file mode 100644 index 0000000..53c5470 --- /dev/null +++ b/yonote-chart-service/values.yaml 
@@ -0,0 +1,652 @@ +global: + name: yonote-app + yonote: + dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` + baseListenAddress: example.com # Доменный адрес для yonote + + config: + plain: + data: + DEPLOYMENT: hosted + NODE_ENV: production + FORCE_HTTPS: "false" + PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL + + BIND_HOST: 0.0.0.0 # Хост по умолчанию + PORT: "3000" # Порт по умолчанию + + REDIS_URL: redis://yonote-redis-master:6379 + + DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию + ENABLE_UPDATES: "false" + + AI_URL: "1234" + AI_API_KEY: "1234" + WEB_CONCURRENCY: "1" + + URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать + + OIDC_DISPLAY_NAME: email + OIDC_SCOPES: openid email + OIDC_CLIENT_ID: yonote + OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. + OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. + OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены + OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. 
+ + AWS_S3_ACL: private + AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища + AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища + AWS_REGION: "RU" + AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища + AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 + S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean + S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. + + SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд + BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста + NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены + + TELEGRAM_API_URL: https://api.telegram.org + + UNSPLASH_API_BASENAME: https://api.unsplash.com + + RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 + + SMTP_HOST: "" + SMTP_USERNAME: "" + SMTP_FROM_EMAIL: "" + SMTP_REPLY_EMAIL: "" + SMTP_PORT: "" + SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ + SMTP_REQUIRE_TLS: "" + + yonote_cron_calendar_events: + cron_enabled: "true" + url: http://yonote-web/api/cron.calendar_events + + yonote_cron_task_scheduler: + cron_enabled: "true" + url: http://yonote-web/api/cron.schedule + +ingress: + enabled: true + name: yonote-ingress + namespace: yonote-onprem + ingressClassName: traefik + tls: + 
secretName: "you_tls_secret" + hosts: + - "app.example.com" + - "team.example.com" + rules: + - host: "app.example.com" + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 + - host: "team.example.com" + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 + + annotations: + # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете + +yonote-web: + fullnameOverride: yonote-web + nameOverride: yonote-web + name: web + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.8 + pullPolicy: IfNotPresent + + command: ["/bin/sh", "-c"] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=web'] + + initContainers: + - name: yonote-migration + image: images.updates.yonote.ru/yonote:1.19.8 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - npx sequelize db:migrate + env: + - name: NODE_ENV + value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 200m + memory: 256Mi + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: 
yonote-secrets + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-websocket: + fullnameOverride: yonote-websockets + nameOverride: yonote-websockets + name: websockets + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.8 + pullPolicy: IfNotPresent + + command: ["/bin/sh", "-c"] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets'] + + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 150m + memory: 128Mi + + checksums: null + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-whiteboard: + fullnameOverride: yonote-whiteboard + nameOverride: yonote-whiteboard + name: whiteboard + + 
image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.8 + pullPolicy: IfNotPresent + + command: ["/bin/sh", "-c"] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=whiteboard'] + + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 150m + memory: 128Mi + + checksums: null + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-worker: + fullnameOverride: yonote-worker + nameOverride: yonote-worker + name: worker + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.8 + pullPolicy: IfNotPresent + + command: ["/bin/sh", "-c"] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=worker'] + + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi + + checksums: null + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson 
.Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-collaboration: + fullnameOverride: yonote-collaboration + nameOverride: yonote-collaboration + name: collaboration + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.8 + pullPolicy: IfNotPresent + + command: ["/bin/sh", "-c"] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=collaboration'] + + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 150m + memory: 128Mi + + checksums: null + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonoteDatabase: + enabled: true + global: + postgresql: + auth: + database: "yonote" + username: "yonote" + name: yonote-database + fullnameOverride: yonote-database + nameOverride: yonote-database + + primary: + persistence: + size: 5Gi + resources: + limits: + cpu: 2 + memory: 8Gi + 
requests: + cpu: 500m + memory: 512Mi + +yonote-redis: + enabled: true + fullnameOverride: yonote-redis + nameOverride: redis + architecture: standalone + + auth: + enabled: false + + master: + persistence: + size: 5Gi + resources: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 500m + memory: 512Mi + +minio: + enabled: true + name: minio + fullnameOverride: yonote-minio + nameOverride: yonote-minio + auth: + rootUser: admin + + + persistence: + enabled: true + size: 5Gi + + ingress: + enabled: true + hostname: 's3.example.com' + ingressClassName: traefik + path: '/' + pathType: ImplementationSpecific + annotations: + kubernetes.io/ingress.class: traefik + # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете + extraTls: + - hosts: + - "s3.example.com" + secretName: "you_tls_secret" + + resources: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 2Gi + cpu: 1 + +mcJob: + enabled: true + +keycloak: + auth: + adminUser: root + + fullnameOverride: yonote-keycloak + nameOverride: yonote-keycloak + + command: + - /bin/bash + - -c + - | + /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \ + /opt/bitnami/keycloak/bin/kc.sh start-dev + + extraEnvVars: + - name: KC_DB_PASSWORD + value: "{{ .Values.keycloak.postgresql.auth.password }}" + - name: KEYCLOAK_PRODUCTION + value: "true" + - name: KC_HOSTNAME_URL + value: "https://auth.example.com" + - name: KC_HOSTNAME_ADMIN_URL + value: "https://auth.example.com" + + extraVolumes: + - name: realm-export + configMap: + name: realm-export + + extraVolumeMounts: + - name: realm-export + mountPath: /opt/bitnami/keycloak/data/import/realm-export.json + subPath: realm-export.json + + ingress: + enabled: true + hostname: auth.example.com + ingressClassName: traefik + tls: true + annotations: + kubernetes.io/ingress.class: traefik + # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете + extraTls: + - hosts: + - 
"auth.example.com" + secretName: "you_tls_secret" + rules: + - host: "auth.example.com" + paths: + - path: / + pathType: Prefix + service: + name: yonote-keycloak + port: http + - path: /admin + pathType: Prefix + service: + name: yonote-keycloak + port: http + + proxy: "edge" + + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi + + postgresql: + enabled: true + auth: + database: keycloak + username: keycloak + name: keycloak-database + fullnameOverride: keycloak-database + nameOverride: keycloak-database + primary: + persistence: + size: 5Gi \ No newline at end of file diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml deleted file mode 100644 index ac58287..0000000 --- a/yonote-chart/secret-values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -global: - yonote: - config: - secret: - stringData: - AI_API_KEY: - AWS_ACCESS_KEY_ID: - AWS_SECRET_ACCESS_KEY: - OIDC_CLIENT_SECRET: - SECRET_KEY: - SMTP_PASSWORD: - UTILS_SECRET: - YANDEX_METRIKA_ID: - TELEGRAM_BOT_TOKEN: - UNSPLASH_API_ACCESS_KEY: - DATABASE_URL: "" #postgres://@:5432/yonote - REDIS_URL: "" #redis://username:password>@:6379 - LICENSE_KEY: "" - SERVICE_WORKER_PUBLIC_KEY: "" - SERVICE_WORKER_PRIVATE_KEY: "" - QUOTA_TOKEN: diff --git a/yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml b/yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml deleted file mode 100644 index 93c470f..0000000 --- a/yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }} -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: redirect-https -spec: - redirectScheme: - scheme: https - permanent: true -{{- end }} \ No newline at end of file 
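Review bot: The `keycloak.command` override ends with `kc.sh start-dev`, Keycloak's development mode, even though `KEYCLOAK_PRODUCTION` is set to `"true"` just below and the README presents this chart as the way to deploy the product. Development mode relaxes the HTTPS and hostname checks, so the second line of the script should be `/opt/bitnami/keycloak/bin/kc.sh start`, presumably relying on the `proxy: "edge"` and `KC_HOSTNAME_URL` settings that are already present. `KC_DB_PASSWORD` is passed as a literal `value:` templated from the values file, which puts the database password into the pod spec in plaintext; `valueFrom.secretKeyRef` pointing at the PostgreSQL subchart's secret avoids that. `yonote-redis.auth.enabled: false` leaves Redis open to any pod that can reach the service unless a NetworkPolicy (not visible in this hunk) restricts it, so enabling auth by default is the safer choice. The placeholder `secretName: "you_tls_secret"` contains underscores, which Kubernetes object names do not allow, so a comment saying it must be replaced would save a failed install.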
diff --git a/yonote-chart/templates/traefik-wss-headers-middleware.yaml b/yonote-chart/templates/traefik-wss-headers-middleware.yaml deleted file mode 100644 index c8fc1bd..0000000 --- a/yonote-chart/templates/traefik-wss-headers-middleware.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }} -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: wss-headers -spec: - headers: - customRequestHeaders: - X-Forwarded-Proto: https -{{- end }} \ No newline at end of file diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml deleted file mode 100644 index 1b8592c..0000000 --- a/yonote-chart/values.yaml +++ /dev/null 
@@ -1,506 +0,0 @@ -global: - postgresql: - auth: - database: yonote - username: yonote - - yonote: - ingress: - ingressClassName: traefik - - dbMigrationEnv: production-ssl-disabled - - keycloak: - hostName: auth.example.com - realmName: yonote - - baseListenAddress: example.com - - config: - plain: - data: - DEPLOYMENT: hosted - FORCE_HTTPS: "false" - PGSSLMODE: disable - - BIND_HOST: 0.0.0.0 - PORT: "3000" - - REDIS_URL: redis://yonote-redis-master:6379 - - DEFAULT_LANGUAGE: ru_RU - ENABLE_UPDATES: "false" - - AI_URL: http://engate.wilix.dev:5001 - - URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' - COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' - - OIDC_DISPLAY_NAME: email - OIDC_SCOPES: openid email - OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/auth' - OIDC_LOGOUT_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/logout' - OIDC_TOKEN_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/token' - OIDC_USERINFO_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/userinfo' - - AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: example-url-s3 - AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket - AWS_REGION: "" - AWS_S3_UPLOAD_MAX_SIZE: "226214400" - AWS_S3_FORCE_PATH_STYLE: "false" - - SUBDOMAINS_ENABLED: "true" - BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' - NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates - - TELEGRAM_API_URL: https://api.telegram.org - - UNSPLASH_API_BASENAME: https://api.unsplash.com - - RESERVED_SUBDOMAINS: 
about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 - - SMTP_HOST: "" - SMTP_USERNAME: "" - SMTP_FROM_EMAIL: "" - SMTP_REPLY_EMAIL: "" - SMTP_PORT: "" - SMTP_SECURE: "" #connection will be upgraded: https://nodemailer.com/smtp/ - SMTP_REQUIRE_TLS: "" - - secret: - stringData: - DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db/{{ .Values.global.postgresql.auth.database }}' - - yonote_cron_calendar_events: - cron_enabled: "true" - url: http://yonote-web/api/cron.calendar_events - - yonote_cron_task_scheduler: - cron_enabled: "true" - url: http://yonote-web/api/cron.schedule - -name: yonote - -yonote-web: - fullnameOverride: yonote-web - nameOverride: yonote-web - name: web - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - args: - - ./build/server/index.js - - '--services=web' - - initContainers: - - name: yonote-migration - image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}' - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - '-c' - - npx sequelize db:migrate - env: - - name: NODE_ENV - value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - resources: - limits: - cpu: 350m - memory: 512Mi - requests: - cpu: 200m - memory: 128Mi - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - envFrom: - - configMapRef: 
- name: yonote-configs - - secretRef: - name: yonote-secrets - - ingress: - enabled: true - hostname: '"*.yonote.example.com"' - ingressClassName: "" - path: '/' - pathType: Prefix - tls: false - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-websocket: - fullnameOverride: yonote-websockets - nameOverride: yonote-websockets - name: websockets - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - args: - - ./build/server/index.js - - '--services=websockets' - - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 128Mi - - checksums: null - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - ingress: - enabled: true - hostname: '"*.yonote.example.com"' - ingressClassName: "" - path: '/realtime' - pathType: Prefix - tls: false - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true 
- failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-whiteboard: - fullnameOverride: yonote-whiteboard - nameOverride: yonote-whiteboard - name: whiteboard - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - args: - - ./build/server/index.js - - '--services=whiteboard' - - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 128Mi - - checksums: null - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - ingress: - enabled: true - hostname: '"*.yonote.example.com"' - ingressClassName: "" - path: '/whiteboard' - pathType: Prefix - tls: false - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-worker: - fullnameOverride: yonote-worker - nameOverride: yonote-worker - name: worker - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - args: - - ./build/server/index.js - - '--services=worker' - - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 256Mi - - checksums: null - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - 
port: 80 - targetPort: app - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-collaboration: - fullnameOverride: yonote-collaboration - nameOverride: yonote-collaboration - name: collaboration - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - args: - - ./build/server/index.js - - '--services=collaboration' - - checksums: null - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - ingress: - enabled: true - hostname: '"*.yonote.example.com"' - ingressClassName: "" - path: '/collaboration' - pathType: Prefix - tls: false - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: 
app - -yonote-database: - enabled: true - fullnameOverride: yonote-db - nameOverride: db - primary: - persistence: - size: 10Gi - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - -yonote-redis: - enabled: true - fullnameOverride: yonote-redis - nameOverride: redis - architecture: standalone - auth: - enabled: false - master: - persistence: - size: 5Gi - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi \ No newline at end of file