artem.drozdov 2024-08-14 15:38:44 +03:00
parent 711d43f2ae
commit aa7ce3d79f
9 changed files with 201 additions and 40 deletions


@ -20,8 +20,14 @@ dependencies:
- name: redis - name: redis
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 16.12.1 version: 16.12.1
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.2
- name: minio - name: minio
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 14.6.20 version: 14.6.20
digest: sha256:ac298eab717f006b97255703008f8d675b5e0603afa5b755673455012d6d3693 digest: sha256:c5b8b9e07fb2f98522c86c4b5e0758d5adecd9d2493fa65d942c5fbcca316a9b
generated: "2024-07-16T12:06:23.7878103+03:00" generated: "2024-08-14T15:35:18.751768537+03:00"


@ -47,6 +47,18 @@ dependencies:
condition: yonote-redis.enabled condition: yonote-redis.enabled
alias: yonote-redis alias: yonote-redis
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
condition: keycloak.enabled
alias: keycloak
- name: postgresql
version: "11.6.2"
repository: https://charts.bitnami.com/bitnami
condition: keycloak.keycloak-database.enabled
alias: keycloak-database
- name: minio - name: minio
version: "14.6.20" version: "14.6.20"
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
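Review bot: The condition on the new `postgresql` dependency, `keycloak.keycloak-database.enabled`, does not seem to match where the values hunk in this commit puts the flag, which reads as a top-level `keycloak-database.enabled` (indentation is lost on this page, so this is inferred from key order). Helm ignores a condition path that is absent from values, so the Keycloak database would still be installed when an operator sets the flag to false. If the top-level key is the intended one, the line should read `condition: keycloak-database.enabled`.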

Binary file not shown.


@ -27,5 +27,16 @@ global:
password: "wsGZ6kXhr5" password: "wsGZ6kXhr5"
postgresPassword: "QQYw4UjOU" postgresPassword: "QQYw4UjOU"
keycloak-app:
global:
postgresql:
auth:
password: "tT9BqYdNyd1"
keycloak:
secrets:
secrets:
stringData:
KEYCLOAK_ADMIN_PASSWORD: "12345"
KC_DB_PASSWORD: "tT9BqYdNyd1"
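Review bot: The added `keycloak` block commits credentials in plaintext, including `KEYCLOAK_ADMIN_PASSWORD: "12345"` for the `root` admin account that the values file in this commit puts behind an enabled ingress. A guessable admin password on a reachable identity provider puts every realm and client it serves at risk, and a value committed here stays in history after it is changed. Keep only references in the repository (an existing Secret name, or a file encrypted with the team's secret tooling), generate the values per environment, and rotate the ones already pushed. The same applies to `PROVIDERS_OIDC_CLIENT_SECRET` and `SECRET` in the traefik-forward-auth Deployment hunk, where `valueFrom.secretKeyRef` would replace the inline `value:`.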


@ -1,5 +1,4 @@
global: global:
name: yonote-app
postgresql: postgresql:
auth: auth:
database: yonote database: yonote
@ -679,3 +678,103 @@ minio:
buckets: buckets:
- name: yonote-bucket - name: yonote-bucket
policy: none policy: none
keycloak-database:
enabled: true
name: keycloak-database
fullnameOverride: yonote-keycloak-db
nameOverride: db
primary:
persistence:
size: 512Mi
keycloak:
global:
postgresql:
auth:
database: keycloak
username: keycloak
enabled: true
name: yonote-keycloak
fullnameOverride: yonote-keycloak
image:
registry: images.updates.yonote.ru
repository: yonote-keycloak
tag: 19-0.1.1
command:
- /bin/sh
- -c
- /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug
- /opt/keycloak/bin/kc.sh start
configMaps:
configs:
data:
KEYCLOAK_ADMIN: root
KC_PROXY: edge
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev
KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
# KC_DB_URL_DATABASE: keycloak
KC_DB_USERNAME: keycloak
KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HOSTNAME_PATH: "/"
envFrom:
- configMapRef:
name: '{{ template "app.fullname" . }}-configs'
- secretRef:
name: '{{ template "app.fullname" . }}-secrets'
checksums:
- secrets.yaml
- configmaps.yaml
containerPorts:
- containerPort: 8080
name: app
protocol: TCP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 150m
memory: 128Mi
service:
type: ClusterIP
port: 8080
targetPort: 8080
ingress:
enabled: true
hostname: 'auth.onprem-test.stands.wilix.dev'
ingressClassName: traefik
path: '/'
pathType: Prefix
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
extraTls:
- hosts:
- "auth.onprem-test.stands.wilix.dev"
secretName: "auth.onprem-test.stands.wilix.dev"
# livenessProbe:
# enabled: true
# failureThreshold: 6
# initialDelaySeconds: 60
# periodSeconds: 15
# successThreshold: 1
# timeoutSeconds: 5
# httpGet:
# path: /
# port: app
# readinessProbe:
# enabled: true
# failureThreshold: 6
# initialDelaySeconds: 60
# periodSeconds: 15
# successThreshold: 1
# timeoutSeconds: 5
# httpGet:
# path: /
# port: app
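Review bot: The `command` list added under `keycloak` passes two strings after `-c`, but `sh -c` executes only the first; the second, `/opt/keycloak/bin/kc.sh start`, becomes `$0` and is never run. Assuming the chart passes this list through as the container command, the container would perform the realm import and exit instead of starting the server. Join the two into one script string, e.g. `- /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json && exec /opt/keycloak/bin/kc.sh start`. As far as I know `--debug` is kc.sh's switch for the JVM debug agent rather than a log-level option, so it should probably be dropped. The same list appears in the keycloak values hunk at the end of this commit.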


@ -6,4 +6,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 11.6.2 version: 11.6.2
digest: sha256:4ff512f4cf7c217961e59af3e2cb656f4d6fc8441f17ce3da96ca1a03f58bf58 digest: sha256:4ff512f4cf7c217961e59af3e2cb656f4d6fc8441f17ce3da96ca1a03f58bf58
generated: "2024-07-16T12:04:39.863844193+03:00" generated: "2024-08-13T16:19:44.489332745+03:00"


@ -9,3 +9,4 @@ keycloak:
stringData: stringData:
KEYCLOAK_ADMIN_PASSWORD: "12345" KEYCLOAK_ADMIN_PASSWORD: "12345"
KC_DB_PASSWORD: "tT9BqYdNyd1" KC_DB_PASSWORD: "tT9BqYdNyd1"


@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: traefik-forward-auth name: traefik-forward-auth
namespace: yonote-develop namespace: yonote-onprem
labels: labels:
app: traefik-forward-auth app: traefik-forward-auth
spec: spec:
@ -35,11 +35,11 @@ spec:
- name: DEFAULT_PROVIDER - name: DEFAULT_PROVIDER
value: "oidc" value: "oidc"
- name: PROVIDERS_OIDC_ISSUER_URL - name: PROVIDERS_OIDC_ISSUER_URL
value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth" value: "https://auth.onprem-test.stands.wilix.dev/realms/yonote"
- name: PROVIDERS_OIDC_CLIENT_ID - name: PROVIDERS_OIDC_CLIENT_ID
value: "dev-forward-auth-client" value: "admin"
- name: PROVIDERS_OIDC_CLIENT_SECRET - name: PROVIDERS_OIDC_CLIENT_SECRET
value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X" value: "12345"
- name: SECRET - name: SECRET
value: "0987654321" value: "0987654321"
- name: LOG_LEVEL - name: LOG_LEVEL
@ -53,3 +53,37 @@ spec:
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
securityContext: {} securityContext: {}
schedulerName: default-scheduler schedulerName: default-scheduler
---
apiVersion: v1
kind: Service
metadata:
name: traefik-forward-auth
namespace: yonote-onprem
labels:
app: traefik-forward-auth
spec:
ports:
- name: auth-http
protocol: TCP
port: 4181
targetPort: 4181
selector:
app: traefik-forward-auth
type: ClusterIP
sessionAffinity: None
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-forward-auth
spec:
forwardAuth:
address: https://auth.onprem-test.stands.wilix.dev:4181
authResponseHeaders:
- X-Forwarded-User
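Review bot: The new Middleware's `forwardAuth.address` is `https://auth.onprem-test.stands.wilix.dev:4181`, which is the Keycloak ingress hostname, while the forward-auth pods are exposed only by the ClusterIP Service added just above it on port 4181 (`auth-http`). Unless something outside this commit publishes that port with TLS on the public host, Traefik cannot reach the auth service, and protected routes would fail rather than authenticate. Pointing the middleware at the in-cluster Service, e.g. `address: http://traefik-forward-auth.yonote-onprem.svc.cluster.local:4181`, keeps the check inside the cluster. The Middleware also has no `namespace`, unlike the Deployment and Service, so it lands wherever the manifest is applied.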


@ -18,26 +18,25 @@ keycloak:
image: image:
registry: images.updates.yonote.ru registry: images.updates.yonote.ru
repository: yonote-keycloak repository: yonote-keycloak
tag: latest tag: 19-0.1.1
command: command:
- /bin/sh - /bin/sh
- -c - -c
- | - /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug
"/opt/keycloak/bin/kc.sh" "start-dev" - /opt/keycloak/bin/kc.sh start
configMaps: configMaps:
configs: configs:
data: data:
KEYCLOAK_PROFILE: dev
KEYCLOAK_ADMIN: root KEYCLOAK_ADMIN: root
KC_PROXY: edge KC_PROXY: edge
KC_HOSTNAME_STRICT: "false" KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev
KC_HOSTNAME: auth.onprem-test.stands.wilix.dev KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
KC_DB: postgres KC_DB: postgres
KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
KC_DB_URL_DATABASE: keycloak # KC_DB_URL_DATABASE: keycloak
KC_DB_USERNAME: keycloak KC_DB_USERNAME: keycloak
KC_HOSTNAME_STRICT_HTTPS: "false" KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HOSTNAME_PATH: "/" KC_HOSTNAME_PATH: "/"
@ -65,7 +64,6 @@ keycloak:
cpu: 150m cpu: 150m
memory: 128Mi memory: 128Mi
service:
service: service:
type: ClusterIP type: ClusterIP
port: 8080 port: 8080
@ -85,24 +83,24 @@ keycloak:
- "auth.onprem-test.stands.wilix.dev" - "auth.onprem-test.stands.wilix.dev"
secretName: "auth.onprem-test.stands.wilix.dev" secretName: "auth.onprem-test.stands.wilix.dev"
livenessProbe: # livenessProbe:
enabled: true # enabled: true
failureThreshold: 6 # failureThreshold: 6
initialDelaySeconds: 60 # initialDelaySeconds: 60
periodSeconds: 15 # periodSeconds: 15
successThreshold: 1 # successThreshold: 1
timeoutSeconds: 5 # timeoutSeconds: 5
httpGet: # httpGet:
path: / # path: /
port: app # port: app
readinessProbe: # readinessProbe:
enabled: true # enabled: true
failureThreshold: 6 # failureThreshold: 6
initialDelaySeconds: 60 # initialDelaySeconds: 60
periodSeconds: 15 # periodSeconds: 15
successThreshold: 1 # successThreshold: 1
timeoutSeconds: 5 # timeoutSeconds: 5
httpGet: # httpGet:
path: / # path: /
port: app # port: app
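Review bot: Both `livenessProbe` and `readinessProbe` are commented out in the last hunk rather than repointed, so the pod receives ingress traffic as soon as the container starts and a hung Keycloak is never restarted. With the switch from `start-dev` to `start` the old `path: /` probe may simply have stopped answering; Keycloak's own health endpoints are a better target. If the `19-0.1.1` image is a Keycloak 19 build, setting `KC_HEALTH_ENABLED: "true"` in the config map and probing `path: /health/ready` and `path: /health/live` on port `app` would restore both checks. The same commented-out block is added to the parent values file in this commit.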