diff --git a/yonote-chart/.helmignore b/yonote-chart/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/yonote-chart/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/yonote-chart/Chart.lock b/yonote-chart/Chart.lock index c67545f..6a6910e 100644 --- a/yonote-chart/Chart.lock +++ b/yonote-chart/Chart.lock @@ -1,16 +1,4 @@ dependencies: -- name: app - repository: https://dysnix.github.io/charts - version: 0.3.15 -- name: app - repository: https://dysnix.github.io/charts - version: 0.3.15 -- name: app - repository: https://dysnix.github.io/charts - version: 0.3.15 -- name: app - repository: https://dysnix.github.io/charts - version: 0.3.15 - name: app repository: https://dysnix.github.io/charts version: 0.3.15 @@ -23,5 +11,5 @@ dependencies: - name: minio repository: https://charts.bitnami.com/bitnami version: 14.6.20 -digest: sha256:ac298eab717f006b97255703008f8d675b5e0603afa5b755673455012d6d3693 -generated: "2024-07-16T12:06:23.7878103+03:00" +digest: sha256:dfaa7914dc55b5c305826ec1ed880af5c50904131aca19fe758d779719d35e99 +generated: "2024-07-17T16:05:55.571392551+03:00" diff --git a/yonote-chart/Chart.yaml b/yonote-chart/Chart.yaml index 25064f6..b0650d3 100644 --- a/yonote-chart/Chart.yaml +++ b/yonote-chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: yonote-chart -version: 1.2.0 +version: 1.2.1 description: Generic application Helm chart. This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart. @@ -14,27 +14,7 @@ dependencies: version: "0.3.15" repository: https://dysnix.github.io/charts alias: yonote-web - - - name: app - version: "0.3.15" - repository: https://dysnix.github.io/charts - alias: yonote-websocket - - - name: app - version: "0.3.15" - repository: https://dysnix.github.io/charts - alias: yonote-whiteboard - - - name: app - version: "0.3.15" - repository: https://dysnix.github.io/charts - alias: yonote-worker - - - name: app - version: "0.3.15" - repository: https://dysnix.github.io/charts - alias: yonote-collaboration - + - name: postgresql version: "11.6.6" repository: https://charts.bitnami.com/bitnami diff --git a/yonote-chart/charts/app-0.3.15.tgz b/yonote-chart/charts/app-0.3.15.tgz deleted file mode 100644 index b7125eb..0000000 Binary files a/yonote-chart/charts/app-0.3.15.tgz and /dev/null differ diff --git a/yonote-chart/charts/minio-14.6.20.tgz b/yonote-chart/charts/minio-14.6.20.tgz deleted file mode 100644 index e3c59bc..0000000 Binary files a/yonote-chart/charts/minio-14.6.20.tgz and /dev/null differ diff --git a/yonote-chart/charts/postgresql-11.6.6.tgz b/yonote-chart/charts/postgresql-11.6.6.tgz deleted file mode 100644 index b743d2b..0000000 Binary files a/yonote-chart/charts/postgresql-11.6.6.tgz and /dev/null differ diff --git a/yonote-chart/charts/redis-16.12.1.tgz b/yonote-chart/charts/redis-16.12.1.tgz deleted file mode 100644 index 8be70f6..0000000 Binary files a/yonote-chart/charts/redis-16.12.1.tgz and /dev/null differ diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml index c21f90f..3cbd5a8 100644 --- a/yonote-chart/secret-values.yaml +++ b/yonote-chart/secret-values.yaml @@ -5,9 +5,9 @@ global: stringData: DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}' POSTGRES_PASSWORD: wsGZ6kXhr5 - AWS_ACCESS_KEY_ID: "" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу - AWS_SECRET_ACCESS_KEY: "minioadmin" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу - OIDC_CLIENT_SECRET: "minioadminsecret" + AWS_ACCESS_KEY_ID: "minioadmin" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу + AWS_SECRET_ACCESS_KEY: "minioadminsecret" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу + OIDC_CLIENT_SECRET: "" SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SMTP_PASSWORD: "1234" UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. diff --git a/traefic-http-to-https-redirect-middleware.yaml b/yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml similarity index 100% rename from traefic-http-to-https-redirect-middleware.yaml rename to yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml diff --git a/traefik-wss-headers-middleware.yaml b/yonote-chart/templates/traefik-wss-headers-middleware.yaml similarity index 100% rename from traefik-wss-headers-middleware.yaml rename to yonote-chart/templates/traefik-wss-headers-middleware.yaml diff --git a/yonote-chart/values-test.yaml b/yonote-chart/values-test.yaml new file mode 100644 index 0000000..6b39306 --- /dev/null +++ b/yonote-chart/values-test.yaml @@ -0,0 +1,264 @@ +global: + name: yonote-app + postgresql: + auth: + database: yonote + username: yonote + + yonote: + ingress: + ingressClassName: traefik + + dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` + + baseListenAddress: example.com + + config: + plain: + data: + NODE_ENV: production + FORCE_HTTPS: "false" + PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL + + BIND_HOST: 0.0.0.0 # Хост по умолчанию + PORT: "3000" # Порт по умолчанию + + REDIS_URL: redis://yonote-redis-master:6379 + + DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию + ENABLE_UPDATES: "false" + + AI_URL: "1234" + AI_API_KEY: "1234" + + URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать + + OIDC_DISPLAY_NAME: email + OIDC_SCOPES: openid email + OIDC_CLIENT_ID: yonote + OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' + OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote-test/protocol/openid-connect/logout' + OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote-test/protocol/openid-connect/token' + OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote-test/protocol/openid-connect/userinfo' + + AWS_S3_ACL: private + AWS_S3_UPLOAD_BUCKET_URL: http://s3.example.com # Адрес S3 хранилища + AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища + AWS_REGION: "ru_RU" + AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища + AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 + S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean + S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. + + SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд + BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста + NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены + + TELEGRAM_API_URL: https://api.telegram.org + + UNSPLASH_API_BASENAME: https://api.unsplash.com + + RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 + + SMTP_HOST: "" + SMTP_USERNAME: "" + SMTP_FROM_EMAIL: "" + SMTP_REPLY_EMAIL: "" + SMTP_PORT: "" + SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ + SMTP_REQUIRE_TLS: "" + + yonote_cron_calendar_events: + cron_enabled: "true" + url: http://yonote-web/api/cron.calendar_events + + yonote_cron_task_scheduler: + cron_enabled: "true" + url: http://yonote-web/api/cron.schedule + +yonote-web: + fullnameOverride: yonote-web + nameOverride: yonote-web + name: web + image: + registry: images.updates.yonote.ru + repository: yonote + tag: 1.19.5 + pullPolicy: IfNotPresent + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi + + ingress: + enabled: true + ingressClassName: traefik + hosts: "'*.example.com'" + annotations: + cert-manager.io/cluster-issuer: "" + traefik.ingress.kubernetes.io/router.middlewares: "{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{ .Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd" + extraTls: + - hosts: + - "'*.example.com'" + secretName: "'*.example.com'" + + # enabled: true + # hostname: "'*.example.com'" + # ingressClassName: nginx + # path: '/' + # pathType: Prefix + # annotations: + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/server-snippets: | + # location /realtime { + # proxy_set_header Upgrade $http_upgrade; + # proxy_http_version 1.1; + # proxy_set_header X-Forwarded-Host $http_host; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header X-Forwarded-For $remote_addr; + # proxy_set_header Host $host; + # proxy_set_header Connection "upgrade"; + # proxy_cache_bypass $http_upgrade; + # } + + # nginx.ingress.kubernetes.io/configuration-snippet: | + # more_set_headers "Host $http_host"; + # more_set_headers "X-Real-IP $remote_addr"; + # more_set_headers "X-Forwarded-Proto $scheme"; + # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # cert-manager.io/cluster-issuer: "" + # extraTls: + # - hosts: + # - "'*.example.com'" + # secretName: "'*.example.com'" + + containerPorts: + - containerPort: 3000 + name: app + protocol: TCP + service: + type: ClusterIP + port: 80 + targetPort: app + envFrom: + - configMapRef: + name: yonote-configs + - secretRef: + name: yonote-secrets + + podLabels: + redis-client: 'true' + podAnnotations: + checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" + checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + httpGet: + path: /_health + port: app + +yonote-database: + enabled: true + fullnameOverride: yonote-db + nameOverride: db + + primary: + persistence: + size: 500Mi + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + +yonote-redis: + enabled: true + fullnameOverride: yonote-redis + nameOverride: redis + architecture: standalone + + auth: + enabled: false + + master: + persistence: + size: 200Mi + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + +minio: + enabled: true + name: minio + fullnameOverride: yonote-minio + nameOverride: minio + accessKey: "minioadmin" + secretKey: "minioadminsecret" + + persistence: + enabled: true + size: 500Mi + + ingress: + enabled: true + hostname: '"s3.example.com"' + annotations: + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + traefik.ingress.kubernetes.io/router.middlewares: "{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{ .Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd" + extraTls: + - hosts: + - s3.example.com + secretName: s3.example.com + + # ingress: + # enabled: true + # ingressClassName: nginx + # annotations: + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # more_set_headers "Host $http_host"; + # more_set_headers "X-Real-IP $remote_addr"; + # more_set_headers "X-Forwarded-Proto $scheme"; + # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # hosts: + # - host: s3.onprem-test.stands.wilix.dev + # paths: + # - path: / + # pathType: ImplementationSpecific + + resources: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + + buckets: + - name: yonote-bucket + policy: none \ No newline at end of file diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml deleted file mode 100644 index a183892..0000000 --- a/yonote-chart/values.yaml +++ /dev/null @@ -1,543 +0,0 @@ -global: - name: yonote-app - postgresql: - auth: - database: yonote - username: yonote - - yonote: - ingress: - ingressClassName: nginx - - dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - - baseListenAddress: example.com - - config: - plain: - data: - NODE_ENV: production - FORCE_HTTPS: "false" - PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL - - BIND_HOST: 0.0.0.0 # Хост по умолчанию - PORT: "3000" # Порт по умолчанию - - REDIS_URL: redis://yonote-redis-master:6379 - - DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию - ENABLE_UPDATES: "false" - - AI_URL: "1234" - AI_API_KEY: "1234" - - URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения - COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать - - OIDC_DISPLAY_NAME: email - OIDC_SCOPES: openid email - OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/auth' - OIDC_LOGOUT_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/logout' - OIDC_TOKEN_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/token' - OIDC_USERINFO_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/userinfo' - - AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища - AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища - AWS_REGION: "" - AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища - AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 - S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean - S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. - - SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд - BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста - NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены - - TELEGRAM_API_URL: https://api.telegram.org - - UNSPLASH_API_BASENAME: https://api.unsplash.com - - RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 - - SMTP_HOST: "" - SMTP_USERNAME: "" - SMTP_FROM_EMAIL: "" - SMTP_REPLY_EMAIL: "" - SMTP_PORT: "" - SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ - SMTP_REQUIRE_TLS: "" - - yonote_cron_calendar_events: - cron_enabled: "true" - url: http://yonote-web/api/cron.calendar_events - - yonote_cron_task_scheduler: - cron_enabled: "true" - url: http://yonote-web/api/cron.schedule - -yonote-web: - fullnameOverride: yonote-web - nameOverride: yonote-web - name: web - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=web'] - - initContainers: - - name: yonote-migration - image: images.updates.yonote.ru/yonote:1.19.5 - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - '-c' - - npx sequelize db:migrate - env: - - name: NODE_ENV - value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - resources: - limits: - cpu: 350m - memory: 512Mi - requests: - cpu: 200m - memory: 128Mi - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-websocket: - fullnameOverride: yonote-websockets - nameOverride: yonote-websockets - name: websockets - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=websockets'] - - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 128Mi - - checksums: null - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-whiteboard: - fullnameOverride: yonote-whiteboard - nameOverride: yonote-whiteboard - name: whiteboard - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=whiteboard'] - - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 128Mi - - checksums: null - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-worker: - fullnameOverride: yonote-worker - nameOverride: yonote-worker - name: worker - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=worker'] - - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 256Mi - - checksums: null - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-collaboration: - fullnameOverride: yonote-collaboration - nameOverride: yonote-collaboration - name: collaboration - - image: - registry: images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - - command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=collaboration'] - - checksums: null - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - - service: - type: ClusterIP - port: 80 - targetPort: app - - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - podLabels: - redis-client: 'true' - - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonote-database: - enabled: true - fullnameOverride: yonote-db - nameOverride: db - - primary: - persistence: - size: 500Mi - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - -yonote-redis: - enabled: true - fullnameOverride: yonote-redis - nameOverride: redis - architecture: standalone - - auth: - enabled: false - - master: - persistence: - size: 200Mi - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - -minio: - enabled: true - name: minio - fullnameOverride: yonote-minio - nameOverride: minio - accessKey: "minioadmin" - secretKey: "minioadminsecret" - - persistence: - enabled: true - size: 500Mi - - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - hosts: - - host: s3.example.com - paths: - - path: / - pathType: ImplementationSpecific - resources: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - cpu: 500m - - buckets: - - name: yonote-bucket - policy: none \ No newline at end of file diff --git a/yonote-keycloak-chart/Chart.lock b/yonote-keycloak-chart/Chart.lock deleted file mode 100644 index 41178bd..0000000 --- a/yonote-keycloak-chart/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: app - repository: https://dysnix.github.io/charts - version: 0.3.15 -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 11.6.2 -digest: sha256:4ff512f4cf7c217961e59af3e2cb656f4d6fc8441f17ce3da96ca1a03f58bf58 -generated: "2024-07-16T12:04:39.863844193+03:00" diff --git a/yonote-keycloak-chart/Chart.yaml b/yonote-keycloak-chart/Chart.yaml deleted file mode 100644 index f24e283..0000000 --- a/yonote-keycloak-chart/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -name: yonote-keycloak-chart -version: 1.0.0 -dependencies: -- name: app - version: "0.3.15" - repository: https://dysnix.github.io/charts - alias: keycloak -- name: postgresql - version: "11.6.2" - repository: https://charts.bitnami.com/bitnami - condition: keycloak-database.enabled - alias: keycloak-database \ No newline at end of file diff --git a/yonote-keycloak-chart/charts/app-0.3.15.tgz b/yonote-keycloak-chart/charts/app-0.3.15.tgz deleted file mode 100644 index b7125eb..0000000 Binary files a/yonote-keycloak-chart/charts/app-0.3.15.tgz and /dev/null differ diff --git a/yonote-keycloak-chart/charts/postgresql-11.6.2.tgz b/yonote-keycloak-chart/charts/postgresql-11.6.2.tgz deleted file mode 100644 index 64e0267..0000000 Binary files a/yonote-keycloak-chart/charts/postgresql-11.6.2.tgz and /dev/null differ diff --git a/yonote-keycloak-chart/secret-values.yaml b/yonote-keycloak-chart/secret-values.yaml deleted file mode 100644 index 548e04f..0000000 --- a/yonote-keycloak-chart/secret-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -keycloak: - secrets: - secrets: - stringData: - KEYCLOAK_ADMIN_PASSWORD: "12345" - KC_DB_PASSWORD: "3fWAxP6ZYp" \ No newline at end of file diff --git a/yonote-keycloak-chart/values.yaml b/yonote-keycloak-chart/values.yaml deleted file mode 100644 index 7725f23..0000000 --- a/yonote-keycloak-chart/values.yaml +++ /dev/null @@ -1,101 +0,0 @@ -global: - postgresql: - auth: - database: keycloak - username: keycloak - -keycloak-database: - enabled: true - fullnameOverride: yonote-keycloak-db - nameOverride: db - primary: - persistence: - size: 512Mi - -keycloak: - name: yonote-keycloak - fullnameOverride: yonote-keycloak - image: - registry: images.updates.yonote.ru - repository: yonote-keycloak - tag: latest - - command: - - /bin/sh - - -c - - | - "/opt/keycloak/bin/kc.sh" "start" - - configMaps: - configs: - data: - KEYCLOAK_ADMIN: root - KC_PROXY: edge - KC_HOSTNAME_STRICT: "false" - KC_HOSTNAME_ADMIN: auth.example.com/admin - KC_HOSTNAME: auth.example.com - KC_DB: postgres - KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak - KC_DB_URL_DATABASE: keycloak - KC_DB_USERNAME: keycloak - KC_HOSTNAME_STRICT_HTTPS: "false" - KC_HOSTNAME_PATH: "/" - - envFrom: - - configMapRef: - name: '{{ template "app.fullname" . }}-configs' - - secretRef: - name: '{{ template "app.fullname" . }}-secrets' - - checksums: - - secrets.yaml - - configmaps.yaml - - containerPorts: - - containerPort: 8080 - name: app - protocol: TCP - - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 150m - memory: 128Mi - - service: - service: - type: ClusterIP - port: 8080 - targetPort: 8080 - - ingress: - enabled: true - ingressClassName: nginx - pathType: ImplementationSpecific - hostname: auth.example.com - path: / - tls: false - - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: / - port: app - - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: / - port: app \ No newline at end of file