diff --git a/yonote-chart/Chart.yaml b/yonote-chart/Chart.yaml index 4e56d5f..f40786d 100644 --- a/yonote-chart/Chart.yaml +++ b/yonote-chart/Chart.yaml @@ -1,9 +1,41 @@ apiVersion: v2 name: yonote-chart -version: 1.0.1 +version: 1.2.0 dependencies: - name: app version: "0.3.15" - repository: https://artifacts.wilix.dev/repository/helm-dysnix + repository: https://dysnix.github.io/charts alias: yonote-web + + - name: app + version: "0.3.15" + repository: https://dysnix.github.io/charts + alias: yonote-websocket + + - name: app + version: "0.3.15" + repository: https://dysnix.github.io/charts + alias: yonote-whiteboard + + - name: app + version: "0.3.15" + repository: https://dysnix.github.io/charts + alias: yonote-worker + + - name: app + version: "0.3.15" + repository: https://dysnix.github.io/charts + alias: yonote-collaboration + + - name: postgresql + version: "11.6.6" + repository: https://charts.bitnami.com/bitnami + condition: yonote-database.enabled + alias: yonote-database + + - name: redis + version: "16.12.1" + repository: https://artifacts.wilix.dev/repository/helm-bitnami + condition: yonote-redis.enabled + alias: yonote-redis diff --git a/yonote-chart/charts/app-0.3.15.tgz b/yonote-chart/charts/app-0.3.15.tgz deleted file mode 100644 index b7125eb..0000000 Binary files a/yonote-chart/charts/app-0.3.15.tgz and /dev/null differ diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml index 908e468..ac58287 100644 --- a/yonote-chart/secret-values.yaml +++ b/yonote-chart/secret-values.yaml 
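Review bot: With `charts/app-0.3.15.tgz` deleted in this commit, the five `app` aliases and the new `postgresql` and `redis` dependencies are resolved at build time from three different hosts, and no `Chart.lock` change is visible on this page. The version strings are pinned, but a version string does not authenticate the archive a repository serves, so I would commit `Chart.lock`, build with `helm dependency build`, and add `--verify` for any publisher that ships provenance files. `redis` is still fetched from `https://artifacts.wilix.dev/repository/helm-bitnami` while `app` moved off that host and `postgresql` uses `https://charts.bitnami.com/bitnami`. If the mirror is deliberate, a comment such as `# internal mirror of bitnami/redis` would say so; otherwise the two Bitnami charts should share one source.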
@@ -3,15 +3,19 @@ global: config: secret: stringData: - AWS_ACCESS_KEY_ID: "" - AWS_SECRET_ACCESS_KEY: "" - OIDC_CLIENT_SECRET: "" - SECRET_KEY: "" - SMTP_PASSWORD: "" - UTILS_SECRET: "" - TELEGRAM_BOT_TOKEN: "" + AI_API_KEY: + AWS_ACCESS_KEY_ID: + AWS_SECRET_ACCESS_KEY: + OIDC_CLIENT_SECRET: + SECRET_KEY: + SMTP_PASSWORD: + UTILS_SECRET: + YANDEX_METRIKA_ID: + TELEGRAM_BOT_TOKEN: + UNSPLASH_API_ACCESS_KEY: DATABASE_URL: "" #postgres://@:5432/yonote REDIS_URL: "" #redis://username:password>@:6379 LICENSE_KEY: "" SERVICE_WORKER_PUBLIC_KEY: "" SERVICE_WORKER_PRIVATE_KEY: "" + QUOTA_TOKEN: diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml index c8b7ce0..e5cff36 100644 --- a/yonote-chart/values.yaml +++ b/yonote-chart/values.yaml 
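Review bot: The rewritten keys (`AI_API_KEY:` through `UNSPLASH_API_ACCESS_KEY:`, plus `QUOTA_TOKEN:`) are bare, so YAML loads them as null, whereas the untouched `DATABASE_URL: ""` and the keys below it remain empty strings. `stringData` in a Secret expects string values, and how the chart's template treats a null entry is not visible here: it could be dropped, rendered as the text `null`, or rejected by the API server. Keeping the quoted form, e.g. `AI_API_KEY: ""`, avoids the ambiguity and keeps the file consistent. `YANDEX_METRIKA_ID` looks like a public counter id rather than a credential (inferred from the name), so it may belong with the plain config.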
@@ -1,36 +1,66 @@ global: + postgresql: + auth: + database: yonote + username: yonote + yonote: ingress: - ingressClassName: nginx + ingressClassName: traefik + + dbMigrationEnv: production-ssl-disabled + keycloak: hostName: auth.example.com realmName: yonote - ### Forbidden_Subdomains: app,localhost,yonote + baseListenAddress: example.com + config: plain: data: + DEPLOYMENT: hosted FORCE_HTTPS: "false" + PGSSLMODE: disable + BIND_HOST: 0.0.0.0 PORT: "3000" - URL: 'http://{{ .Values.global.yonote.baseListenAddress }}' - COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}' + + REDIS_URL: redis://yonote-redis-master:6379 + + DEFAULT_LANGUAGE: ru_RU + ENABLE_UPDATES: "false" + + AI_URL: http://engate.wilix.dev:5001 + + URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' + COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' + + OIDC_DISPLAY_NAME: email + OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote OIDC_AUTH_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/auth' OIDC_LOGOUT_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/logout' OIDC_TOKEN_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/token' OIDC_USERINFO_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/userinfo' - AWS_S3_UPLOAD_BUCKET_URL: "" + + AWS_S3_ACL: private + AWS_S3_UPLOAD_BUCKET_URL: example-url-s3 AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket AWS_REGION: "" AWS_S3_UPLOAD_MAX_SIZE: "226214400" + AWS_S3_FORCE_PATH_STYLE: "false" + + SUBDOMAINS_ENABLED: "true" + BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' + NOT_ALLOWED_SUBDOMAINS: 
app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates + TELEGRAM_API_URL: https://api.telegram.org - OIDC_DISPLAY_NAME: email - OIDC_SCOPES: openid email - PGSSLMODE: disable - USE_LEGACY_LOGOUT: "true" - AWS_S3_FORCE_PATH_STYLE: "true" - AWS_S3_ACL: private + + UNSPLASH_API_BASENAME: https://api.unsplash.com + + RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 + SMTP_HOST: "" SMTP_USERNAME: "" SMTP_FROM_EMAIL: "" 
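Review bot: `AI_URL: http://engate.wilix.dev:5001` makes a fixed external host, reached over plain HTTP, the default for every installation, and the same commit adds `AI_API_KEY` to secret-values.yaml. If the application sends that key or document content to `AI_URL` (not visible in the diff), it leaves the cluster unencrypted; I would default it to `AI_URL: ""` with a comment that an `https://` endpoint is expected. The hunk also puts `REDIS_URL: redis://yonote-redis-master:6379` into the plain ConfigMap while secret-values.yaml still defines `REDIS_URL: ""`; both are loaded through `envFrom`, where the later source wins on duplicate keys, so the empty secret value may override this one depending on how the chart renders it. `URL` stays on `http://` while `COLLABORATION_URL` uses `wss://`, which is worth a comment stating where TLS is expected to terminate.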
@@ -39,73 +69,88 @@ global: SMTP_SECURE: "" #connection will be upgraded: https://nodemailer.com/smtp/ SMTP_REQUIRE_TLS: "" + + yonote_cron_calendar_events: + cron_enabled: "true" + url: http://yonote-web/api/cron.calendar_events + + yonote_cron_task_scheduler: + cron_enabled: "true" + url: http://yonote-web/api/cron.schedule + name: yonote yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web name: web + image: registry: images.updates.yonote.ru repository: yonote - tag: 1.15.1 + tag: 1.19.5 pullPolicy: IfNotPresent + + args: + - ./build/server/index.js + - '--services=web' + + initContainers: + - name: yonote-migration + image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - '-c' + - npx sequelize db:migrate + env: + - name: NODE_ENV + value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + resources: limits: - cpu: "1" - memory: 1Gi + cpu: 350m + memory: 512Mi requests: - cpu: 250m - memory: 256Mi - ingress: - enabled: true - hostname: '"example.com"' - ingressClassName: nginx - path: '/' - pathType: Prefix - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/server-snippets: | - location /realtime { - proxy_set_header Upgrade $http_upgrade; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header Connection "upgrade"; - proxy_cache_bypass $http_upgrade; - } - - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - 
cert-manager.io/cluster-issuer: "" - extraTls: - - hosts: - - "example.com" - secretName: example-tls + cpu: 200m + memory: 128Mi + containerPorts: - containerPort: 3000 name: app protocol: TCP + service: type: ClusterIP port: 80 targetPort: app + envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets + + ingress: + enabled: true + hostname: '"*.yonote.example.com"' + ingressClassName: "" + path: '/' + pathType: Prefix + tls: false podLabels: redis-client: 'true' + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + readinessProbe: enabled: true failureThreshold: 6 @@ -116,6 +161,7 @@ yonote-web: httpGet: path: /_health port: app + livenessProbe: enabled: true failureThreshold: 6 
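Review bot: The `yonote-migration` init container is given `image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'`, which omits `image.registry`; with `repository: yonote` that renders to `yonote:1.19.5`, and an unqualified name is pulled from the container runtime's default registry rather than `images.updates.yonote.ru`. Unless the `app` chart prepends the registry itself (not visible here), use `image: '{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}'`. Separately, the ingress block drops `force-ssl-redirect`, the `cert-manager.io/cluster-issuer` annotation and `extraTls` in favour of `tls: false`, and the same `tls: false` default appears on the `yonote-websocket`, `yonote-whiteboard` and `yonote-collaboration` ingresses in the `@@ -126,3 +172,333 @@` hunk. If TLS is meant to terminate at Traefik or in front of it, a comment saying so belongs next to `tls: false`; otherwise session and OIDC traffic is served in clear text by default. The `ingressClassName: ""` here also differs from `global.yonote.ingress.ingressClassName: traefik`.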
@@ -126,3 +172,333 @@ yonote-web: httpGet: path: /_health port: app + +yonote-websocket: + fullnameOverride: yonote-websockets + nameOverride: yonote-websockets + name: websockets + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.5 + pullPolicy: IfNotPresent + + args: + - ./build/server/index.js + - '--services=websockets' + + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 50m + memory: 128Mi + + checksums: null + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + ingress: + enabled: true + hostname: '"*.yonote.example.com"' + ingressClassName: "" + path: '/realtime' + pathType: Prefix + tls: false + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-whiteboard: + fullnameOverride: yonote-whiteboard + nameOverride: yonote-whiteboard + name: whiteboard + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.5 + pullPolicy: IfNotPresent + + args: + - ./build/server/index.js + - '--services=whiteboard' + + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 50m + memory: 128Mi + + checksums: null + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + 
service: + type: ClusterIP + port: 80 + targetPort: app + + ingress: + enabled: true + hostname: '"*.yonote.example.com"' + ingressClassName: "" + path: '/whiteboard' + pathType: Prefix + tls: false + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-worker: + fullnameOverride: yonote-worker + nameOverride: yonote-worker + name: worker + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.5 + pullPolicy: IfNotPresent + + args: + - ./build/server/index.js + - '--services=worker' + + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi + + checksums: null + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + 
+yonote-collaboration: + fullnameOverride: yonote-collaboration + nameOverride: yonote-collaboration + name: collaboration + + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.5 + pullPolicy: IfNotPresent + + args: + - ./build/server/index.js + - '--services=collaboration' + + checksums: null + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + + service: + type: ClusterIP + port: 80 + targetPort: app + + ingress: + enabled: true + hostname: '"*.yonote.example.com"' + ingressClassName: "" + path: '/collaboration' + pathType: Prefix + tls: false + + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + podLabels: + redis-client: 'true' + + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-database: + enabled: true + fullnameOverride: yonote-db + nameOverride: db + primary: + persistence: + storageClass: local + size: 10Gi + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + +yonote-redis: + enabled: true + fullnameOverride: yonote-redis + nameOverride: redis + architecture: standalone + auth: + enabled: false + master: + persistence: + size: 5Gi + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi \ No newline at end of file
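Review bot: `yonote-redis` is deployed with `auth.enabled: false`, and the matching `REDIS_URL: redis://yonote-redis-master:6379` carries no credentials, so any workload that can reach the service on port 6379 can read and write the application's Redis data. The `redis-client: 'true'` pod label suggests a NetworkPolicy is intended, but none is enabled in the visible values. I would set `auth.enabled: true` with `existingSecret: <redis-secret-name>` (placeholder) and move the credentialed URL to the existing `REDIS_URL` entry in secret-values.yaml. `yonote-collaboration` is also the only workload added here without a `resources` block, so it runs without CPU or memory limits unless the `app` chart supplies defaults.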