diff --git a/yonote-chart/templates/secret.yaml b/secret.yaml similarity index 100% rename from yonote-chart/templates/secret.yaml rename to secret.yaml diff --git a/yonote-chart/Chart.lock b/yonote-chart/Chart.lock index 786b01f..c7bb5aa 100644 --- a/yonote-chart/Chart.lock +++ b/yonote-chart/Chart.lock @@ -28,6 +28,6 @@ dependencies: version: 11.6.2 - name: minio repository: https://charts.bitnami.com/bitnami - version: 14.6.20 -digest: sha256:c5b8b9e07fb2f98522c86c4b5e0758d5adecd9d2493fa65d942c5fbcca316a9b -generated: "2024-08-14T15:57:19.424501351+03:00" + version: 14.0.0 +digest: sha256:d885d7c44dc28f36c26f218ca8c5ae318aced1b312b31403d00aec70d1be1d78 +generated: "2024-08-16T13:31:48.832508252+03:00" diff --git a/yonote-chart/Chart.yaml b/yonote-chart/Chart.yaml index a7bebb7..97aa901 100644 --- a/yonote-chart/Chart.yaml +++ b/yonote-chart/Chart.yaml @@ -60,7 +60,7 @@ dependencies: alias: keycloak-database - name: minio - version: "14.6.20" + version: "14.0.0" repository: https://charts.bitnami.com/bitnami condition: minio.enabled alias: minio \ No newline at end of file diff --git a/yonote-chart/charts/minio-14.0.0.tgz b/yonote-chart/charts/minio-14.0.0.tgz new file mode 100644 index 0000000..b537195 Binary files /dev/null and b/yonote-chart/charts/minio-14.0.0.tgz differ diff --git a/yonote-chart/charts/minio-14.6.20.tgz b/yonote-chart/charts/minio-14.6.20.tgz deleted file mode 100644 index e3c59bc..0000000 Binary files a/yonote-chart/charts/minio-14.6.20.tgz and /dev/null differ diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml index b4a765f..406df18 100644 --- a/yonote-chart/secret-values.yaml +++ b/yonote-chart/secret-values.yaml @@ -3,11 +3,11 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}' - POSTGRES_PASSWORD: wsGZ6kXhr5 + # DATABASE_URL: "postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}" + # POSTGRES_PASSWORD: "{{ .Values.global.postgresql.auth.password }}" AWS_ACCESS_KEY_ID: "" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу AWS_SECRET_ACCESS_KEY: "minioadmin" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу - OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" + OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SMTP_PASSWORD: "1234" UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. @@ -21,22 +21,24 @@ global: # 2) Выполнить команду для генерации ключей # npx web-push generate-vapid-keys # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) - - postgresql: - auth: - password: "wsGZ6kXhr5" - postgresPassword: "QQYw4UjOU" +yonote-database: + global: + postgresql: + auth: + password: "wsGZ6kXhr5" + postgresPassword: "QQYw4UjOU" + -keycloak-app: - global: +keycloak-database: + global: postgresql: auth: password: "tT9BqYdNyd1" - keycloak: +keycloak: + secrets: secrets: - secrets: - stringData: - KEYCLOAK_ADMIN_PASSWORD: "12345" - KC_DB_PASSWORD: "tT9BqYdNyd1" + stringData: + KEYCLOAK_ADMIN_PASSWORD: "12345" + KC_DB_PASSWORD: "tT9BqYdNyd1" \ No newline at end of file diff --git a/yonote-chart/traefic-http-to-https-redirect-middleware.yaml b/yonote-chart/traefic-http-to-https-redirect-middleware.yaml deleted file mode 100644 index f1129b1..0000000 --- a/yonote-chart/traefic-http-to-https-redirect-middleware.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }} -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: yonote-onprem-redirect-https -spec: - redirectScheme: - scheme: https - permanent: true -{{- end }} \ No newline at end of file diff --git a/yonote-chart/traefik-wss-headers-middleware.yaml b/yonote-chart/traefik-wss-headers-middleware.yaml deleted file mode 100644 index e70cfc2..0000000 --- a/yonote-chart/traefik-wss-headers-middleware.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }} -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: yonote-onprem-wss-headers -spec: - headers: - customRequestHeaders: - X-Forwarded-Proto: https -{{- end }} \ No newline at end of file diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml index 39632c4..cce94f2 100644 --- a/yonote-chart/values.yaml +++ b/yonote-chart/values.yaml @@ -1,9 +1,4 @@ global: - postgresql: - auth: - database: yonote - username: yonote - yonote: dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` baseListenAddress: onprem-test.stands.wilix.dev @@ -74,21 +69,6 @@ global: cron_enabled: "true" url: http://yonote-web/api/cron.schedule - # ingress: - # enabled: true - # hostname: 'app.onprem-test.stands.wilix.dev' - # ingressClassName: traefik - # path: '/' - # pathType: Prefix - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - # # nginx.ingress.kubernetes.io/configuration-snippet: | - # # more_set_headers "Host $http_host"; - # # more_set_headers "X-Real-IP $remote_addr"; - # # more_set_headers "X-Forwarded-Proto $scheme"; - # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - ingress: enabled: true name: yonote-ingress @@ -226,26 +206,6 @@ yonote-web: name: yonote-configs - secretRef: name: yonote-secrets - - # ingress: - # enabled: true - # hostname: 'app.onprem-test.stands.wilix.dev' - # ingressClassName: traefik - # path: '/' - # pathType: Prefix - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' - # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - # # nginx.ingress.kubernetes.io/configuration-snippet: | - # # more_set_headers "Host $http_host"; - # # more_set_headers "X-Real-IP $remote_addr"; - # # more_set_headers "X-Forwarded-Proto $scheme"; - # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - # extraTls: - # - hosts: - # - "app.onprem-test.stands.wilix.dev" - # secretName: "app.onprem-test.stands.wilix.dev" podLabels: redis-client: 'true' @@ -316,25 +276,6 @@ yonote-websocket: port: 80 targetPort: app - # ingress: - # enabled: true - # hostname: 'app.onprem-test.stands.wilix.dev' - # ingressClassName: traefik - # path: '/realtime' - # pathType: Prefix - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' - # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - # # nginx.ingress.kubernetes.io/configuration-snippet: | - # # more_set_headers "Host $http_host"; - # # more_set_headers "X-Real-IP $remote_addr"; - # # more_set_headers "X-Forwarded-Proto $scheme"; - # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - # extraTls: - # - hosts: - # - "app.onprem-test.stands.wilix.dev" - # secretName: "app.onprem-test.stands.wilix.dev" podLabels: redis-client: 'true' @@ -405,27 +346,6 @@ yonote-whiteboard: port: 80 targetPort: app - # ingress: - # enabled: true - # hostname: 'app.onprem-test.stands.wilix.dev' - # ingressClassName: traefik - # path: '/whiteboard' - # pathType: Prefix - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' - # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - # # nginx.ingress.kubernetes.io/configuration-snippet: | - # # more_set_headers "Host $http_host"; - # # more_set_headers "X-Real-IP $remote_addr"; - # # more_set_headers "X-Forwarded-Proto $scheme"; - # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - # extraTls: - # - hosts: - # - "app.onprem-test.stands.wilix.dev" - # secretName: "app.onprem-test.stands.wilix.dev" - - podLabels: redis-client: 'true' @@ -549,26 +469,6 @@ yonote-collaboration: type: ClusterIP port: 80 targetPort: app - - # ingress: - # enabled: true - # hostname: 'app.onprem-test.stands.wilix.dev' - # ingressClassName: traefik - # path: '/collaboration' - # pathType: Prefix - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' - # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - # # nginx.ingress.kubernetes.io/configuration-snippet: | - # # more_set_headers "Host $http_host"; - # # more_set_headers "X-Real-IP $remote_addr"; - # # more_set_headers "X-Forwarded-Proto $scheme"; - # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - # extraTls: - # - hosts: - # - "app.onprem-test.stands.wilix.dev" - # secretName: "app.onprem-test.stands.wilix.dev" envFrom: - configMapRef: @@ -605,8 +505,13 @@ yonote-collaboration: path: /_health port: app -yonote-database: - enabled: true +yonote-database: + enabled: true + global: + postgresql: + auth: + database: "yonote" + username: "yonote" fullnameOverride: yonote-db nameOverride: db @@ -639,62 +544,23 @@ yonote-redis: memory: 256Mi requests: cpu: 50m - memory: 128Mi - -minio: - enabled: true - name: minio - fullnameOverride: yonote-minio - nameOverride: minio - accessKey: "minioadmin" - secretKey: "minioadminsecret" - - persistence: - enabled: true - size: 500Mi - - ingress: - enabled: true - hostname: 's3.onprem-test.stands.wilix.dev' - ingressClassName: traefik - path: '/' - pathType: Prefix - annotations: - kubernetes.io/ingress.class: traefik - cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - extraTls: - - hosts: - - "s3.onprem-test.stands.wilix.dev" - secretName: "s3.onprem-test.stands.wilix.dev" - - resources: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - cpu: 500m - - buckets: - - name: yonote-bucket - policy: none - + memory: 128Mi + keycloak-database: - enabled: true - name: keycloak-database - fullnameOverride: yonote-keycloak-db - nameOverride: db - primary: - persistence: - size: 512Mi - -keycloak: + enabled: true global: postgresql: auth: database: keycloak username: keycloak + name: keycloak-database + fullnameOverride: yonote-keycloak-db + nameOverride: db + primary: + persistence: + size: 512Mi +keycloak: enabled: true name: yonote-keycloak fullnameOverride: yonote-keycloak @@ -717,7 +583,6 @@ keycloak: KC_HOSTNAME: auth.onprem-test.stands.wilix.dev KC_DB: postgres KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak - # KC_DB_URL_DATABASE: keycloak KC_DB_USERNAME: keycloak KC_HOSTNAME_STRICT_HTTPS: "false" KC_HOSTNAME_PATH: "/" @@ -777,4 +642,41 @@ keycloak: # timeoutSeconds: 5 # httpGet: # path: / - # port: app \ No newline at end of file + # port: app + +minio: + enabled: true + name: minio + fullnameOverride: yonote-minio + nameOverride: minio + accessKey: "minioadmin" + secretKey: "minioadminsecret" + persistence: + enabled: true + size: 500Mi + + ingress: + enabled: true + hostname: 's3.onprem-test.stands.wilix.dev' + ingressClassName: traefik + path: '/' + pathType: Prefix + annotations: + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + extraTls: + - hosts: + - "s3.onprem-test.stands.wilix.dev" + secretName: "s3.onprem-test.stands.wilix.dev" + + resources: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + + buckets: + - name: yonote-bucket + policy: none \ No newline at end of file