update yonote-mono
This commit is contained in:
artem.drozdov
@@ -29,7 +29,7 @@ spec:
|
||||
{
|
||||
"token": "$(UTILS_SECRET)"
|
||||
}
|
||||
'
|
||||
'
|
||||
restartPolicy: OnFailure
|
||||
{{- end }}
|
||||
---
|
||||
@@ -64,6 +64,6 @@ spec:
|
||||
{
|
||||
"token":"$(UTILS_SECRET)", "limit":"200"
|
||||
}
|
||||
'
|
||||
'
|
||||
restartPolicy: OnFailure
|
||||
{{- end }}
|
||||
34
yonote-chart-mono/templates/ingress.yaml
Normal file
34
yonote-chart-mono/templates/ingress.yaml
Normal file
@@ -0,0 +1,34 @@
|
||||
{{- if .Values.ingress.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Values.ingress.name }}
|
||||
namespace: {{ .Values.ingress.namespace }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.ingress.annotations }}
|
||||
{{ $key }}: "{{ $value }}"
|
||||
{{- end }}
|
||||
spec:
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName }}
|
||||
tls:
|
||||
- secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
hosts:
|
||||
{{- range .Values.ingress.tls.hosts }}
|
||||
- "{{ . }}"
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.rules }}
|
||||
- host: "{{ .host }}"
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
pathType: {{ .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ .service.name }}
|
||||
port:
|
||||
number: {{ .service.port | int }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
39
yonote-chart-mono/templates/mcJob.yaml
Normal file
39
yonote-chart-mono/templates/mcJob.yaml
Normal file
@@ -0,0 +1,39 @@
|
||||
{{- if .Values.mcJob.enabled }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: yonote-minio-mc-job
|
||||
labels:
|
||||
app: yonote-minio
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: yonote-minio
|
||||
spec:
|
||||
containers:
|
||||
- name: mc-client
|
||||
image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
|
||||
echo "Waiting for MinIO to be ready..."
|
||||
sleep 5
|
||||
done
|
||||
if ! mc ls myminio/yonote-bucket; then
|
||||
mc mb myminio/yonote-bucket
|
||||
else
|
||||
echo "Bucket yonote-bucket already exists."
|
||||
fi
|
||||
resources:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "256Mi"
|
||||
cpu: "200m"
|
||||
restartPolicy: OnFailure
|
||||
backoffLimit: 5
|
||||
ttlSecondsAfterFinished: 100
|
||||
{{- end }}
|
||||
169
yonote-chart-mono/templates/realm-configmap.yaml
Normal file
169
yonote-chart-mono/templates/realm-configmap.yaml
Normal file
@@ -0,0 +1,169 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: realm-export
|
||||
data:
|
||||
realm-export.json: |
|
||||
{
|
||||
"realm": "yonote",
|
||||
"enabled": true,
|
||||
"notBefore": 1647809856,
|
||||
"defaultSignatureAlgorithm": "RS256",
|
||||
"revokeRefreshToken": false,
|
||||
"refreshTokenMaxReuse": 0,
|
||||
"accessTokenLifespan": 300,
|
||||
"accessTokenLifespanForImplicitFlow": 900,
|
||||
"ssoSessionIdleTimeout": 1800,
|
||||
"ssoSessionMaxLifespan": 36000,
|
||||
"ssoSessionIdleTimeoutRememberMe": 0,
|
||||
"ssoSessionMaxLifespanRememberMe": 0,
|
||||
"offlineSessionIdleTimeout": 2592000,
|
||||
"offlineSessionMaxLifespanEnabled": false,
|
||||
"offlineSessionMaxLifespan": 5184000,
|
||||
"clientSessionIdleTimeout": 0,
|
||||
"clientSessionMaxLifespan": 0,
|
||||
"clientOfflineSessionIdleTimeout": 0,
|
||||
"clientOfflineSessionMaxLifespan": 0,
|
||||
"accessCodeLifespan": 60,
|
||||
"accessCodeLifespanUserAction": 300,
|
||||
"accessCodeLifespanLogin": 1800,
|
||||
"actionTokenGeneratedByAdminLifespan": 43200,
|
||||
"actionTokenGeneratedByUserLifespan": 300,
|
||||
"oauth2DeviceCodeLifespan": 600,
|
||||
"oauth2DevicePollingInterval": 5,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": true,
|
||||
"registrationEmailAsUsername": true,
|
||||
"rememberMe": true,
|
||||
"verifyEmail": false,
|
||||
"loginWithEmailAllowed": true,
|
||||
"duplicateEmailsAllowed": false,
|
||||
"resetPasswordAllowed": true,
|
||||
"editUsernameAllowed": false,
|
||||
"bruteForceProtected": false,
|
||||
"permanentLockout": false,
|
||||
"maxFailureWaitSeconds": 900,
|
||||
"minimumQuickLoginWaitSeconds": 60,
|
||||
"waitIncrementSeconds": 60,
|
||||
"quickLoginCheckMilliSeconds": 1000,
|
||||
"maxDeltaTimeSeconds": 43200,
|
||||
"failureFactor": 30,
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}",
|
||||
"secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
|
||||
"redirectUris": [
|
||||
"https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
|
||||
"http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
|
||||
"http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
|
||||
"https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
|
||||
"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
|
||||
],
|
||||
"baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
|
||||
"enabled": true,
|
||||
"publicClient": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
|
||||
"display.on.consent.screen": "true"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": false,
|
||||
"protocolMappers": [
|
||||
{
|
||||
"name": "oidc-display-name",
|
||||
"protocol": "openid-connect",
|
||||
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||||
"consentRequired": false,
|
||||
"config": {
|
||||
"userinfo.token.claim": "true",
|
||||
"user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
|
||||
"id.token.claim": "true",
|
||||
"access.token.claim": "true",
|
||||
"claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
|
||||
"jsonType.label": "String"
|
||||
}
|
||||
}
|
||||
],
|
||||
"defaultClientScopes": ["openid", "email"]
|
||||
}
|
||||
],
|
||||
"identityProviders": [],
|
||||
"internationalizationEnabled": true,
|
||||
"clientScopes": [
|
||||
{
|
||||
"name": "openid",
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"include.in.token.scope": "true",
|
||||
"display.on.consent.screen": "true",
|
||||
"consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}"
|
||||
},
|
||||
"protocolMappers": []
|
||||
},
|
||||
{
|
||||
"name": "email",
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"include.in.token.scope": "true",
|
||||
"display.on.consent.screen": "true"
|
||||
},
|
||||
"protocolMappers": [
|
||||
{
|
||||
"id": "56fe6d23-690a-465c-bc36-99bff8fef6eb",
|
||||
"name": "email verified",
|
||||
"protocol": "openid-connect",
|
||||
"protocolMapper": "oidc-usermodel-property-mapper",
|
||||
"consentRequired": false,
|
||||
"config": {
|
||||
"userinfo.token.claim": "true",
|
||||
"user.attribute": "emailVerified",
|
||||
"id.token.claim": "true",
|
||||
"access.token.claim": "true",
|
||||
"claim.name": "email_verified",
|
||||
"jsonType.label": "boolean"
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc",
|
||||
"name": "email",
|
||||
"protocol": "openid-connect",
|
||||
"protocolMapper": "oidc-usermodel-property-mapper",
|
||||
"consentRequired": false,
|
||||
"config": {
|
||||
"userinfo.token.claim": "true",
|
||||
"user.attribute": "email",
|
||||
"id.token.claim": "true",
|
||||
"access.token.claim": "true",
|
||||
"claim.name": "email",
|
||||
"jsonType.label": "String"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"browserSecurityHeaders": {
|
||||
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
|
||||
},
|
||||
"webAuthnPolicyRpEntityName": "keycloak",
|
||||
"webAuthnPolicySignatureAlgorithms": ["ES256"],
|
||||
"webAuthnPolicyRpId": "",
|
||||
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
||||
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
||||
"webAuthnPolicyRequireResidentKey": "not specified",
|
||||
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
||||
"webAuthnPolicyCreateTimeout": 0,
|
||||
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
||||
"webAuthnPolicyAcceptableAaguids": [],
|
||||
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
||||
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
|
||||
"webAuthnPolicyPasswordlessRpId": "",
|
||||
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
||||
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
||||
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
||||
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
||||
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
||||
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
||||
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
||||
"smtpServer": {}
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }}
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: redirect-https
|
||||
spec:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
permanent: true
|
||||
{{- end }}
|
||||
@@ -1,10 +0,0 @@
|
||||
{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }}
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: wss-headers
|
||||
spec:
|
||||
headers:
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user