update yonote-mono

2024-08-25 04:17:01 +03:00 · 2024-08-25 04:17:01 +03:00 · d7f0a14378
parent 700acbd09a
commit d7f0a14378
15 changed files with 500 additions and 122 deletions
--- a/yonote-chart-mono/Chart.lock
+++ b/yonote-chart-mono/Chart.lock
@ -10,6 +10,9 @@ dependencies:
  version: 16.12.1
 - name: minio
  repository: https://charts.bitnami.com/bitnami
-  version: 14.6.20
+  version: 12.7.0
-digest: sha256:dfaa7914dc55b5c305826ec1ed880af5c50904131aca19fe758d779719d35e99
+- name: keycloak
-generated: "2024-07-17T16:05:55.571392551+03:00"
+  repository: https://charts.bitnami.com/bitnami
  version: 14.0.0
 digest: sha256:b12099844193a7a06a5d15b80774592b1cf73af191b654154a9c7a6e8d51a2e0
 generated: "2024-08-25T04:02:50.20628049+03:00"
--- a/yonote-chart-mono/Chart.yaml
+++ b/yonote-chart-mono/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
 name: yonote-chart
-version: 1.2.1
+version: 1.2.0
 description:
  Generic application Helm chart.
-  This chart includes multiple dependencies. The base of this chart is derived from the Dysnix app chart.
+  This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart.
 maintainers:
  - name: Dysnix
    email: support@dysnix.com
@ -18,8 +18,8 @@ dependencies:
  - name: postgresql
    version: "11.6.6"
    repository: https://charts.bitnami.com/bitnami
-    condition: yonote-database.enabled
+    condition: yonoteDatabase.enabled
-    alias: yonote-database
+    alias: yonoteDatabase
  - name: redis
    version: "16.12.1"
@ -28,7 +28,13 @@ dependencies:
    alias: yonote-redis
  - name: minio
-    version: "14.6.20"
+    version: "12.7.0"
    repository: https://charts.bitnami.com/bitnami
    condition: minio.enabled
    alias: minio
  - name: keycloak
    version: "14.0.0"
    repository: https://charts.bitnami.com/bitnami
    condition: keycloak.enabled
    alias: keycloak
--- a/yonote-chart-mono/charts/app-0.3.15.tgz
+++ b/yonote-chart-mono/charts/app-0.3.15.tgz
--- a/yonote-chart-mono/charts/minio-14.6.20.tgz
+++ b/yonote-chart-mono/charts/minio-14.6.20.tgz
--- a/yonote-chart-mono/charts/postgresql-11.6.6.tgz
+++ b/yonote-chart-mono/charts/postgresql-11.6.6.tgz
--- a/yonote-chart-mono/charts/redis-16.12.1.tgz
+++ b/yonote-chart-mono/charts/redis-16.12.1.tgz
--- a/yonote-chart-mono/secret-values.yaml
+++ b/yonote-chart-mono/secret-values.yaml
@ -3,29 +3,43 @@ global:
    config:
      secret:
        stringData:
-          DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}'
+          DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}'
-          POSTGRES_PASSWORD: wsGZ6kXhr5
+          POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}"
-          AWS_ACCESS_KEY_ID: "minioadmin"  # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу
+          AWS_ACCESS_KEY_ID: "{{ .Values.minio.auth.rootUser }}"  # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу
-          AWS_SECRET_ACCESS_KEY: "minioadminsecret" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу
+          AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.auth.rootPassword }}" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу
-          OIDC_CLIENT_SECRET: "" 
+          OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
          SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
          SMTP_PASSWORD: "1234"
          UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.
          TELEGRAM_BOT_TOKEN: "1234"
          UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" 
-          LICENSE_KEY: "" # Обратитесь в отдел продаж для получения
+          LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения
          SERVICE_WORKER_PUBLIC_KEY: "1234" 
          SERVICE_WORKER_PRIVATE_KEY: "1234"
-          # Генерация ключей (web-push) Service Worker
+        # Генерация ключей (web-push) Service Worker
-          # 1) Установить Node.js и npm 
+        # 1) Установить Node.js и npm 
-          # 2) Выполнить команду для генерации ключей
+        # 2) Выполнить команду для генерации ключей
-          # npx web-push generate-vapid-keys
+        # npx web-push generate-vapid-keys
-          # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
+        # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
 yonoteDatabase:
  global:
    postgresql:
      auth:
        password: "wsGZ6kXhr5"
        postgresPassword: "QQYw4UjOU"
 # yonote-redis: # Если используете пароль для redis
 #   auth:
 #     password: "12345678"
 minio:
  auth:
    rootPassword: "12345678"
 keycloak:
  auth:
   adminPassword: "root"
  postgresql:
    auth:
-      password: "wsGZ6kXhr5"
+      password: "tT9BqYdNyd"
      postgresPassword: "QQYw4UjOU"
--- a/yonote-chart-mono/templates/ingress.yaml
+++ b/yonote-chart-mono/templates/ingress.yaml
@ -0,0 +1,34 @@
 {{- if .Values.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ .Values.ingress.name }}
  namespace: {{ .Values.ingress.namespace }}
  annotations:
    {{- range $key, $value := .Values.ingress.annotations }}
    {{ $key }}: "{{ $value }}"
    {{- end }}
 spec:
  ingressClassName: {{ .Values.ingress.ingressClassName }}
  tls:
    - secretName: "{{ .Values.ingress.tls.secretName }}"
      hosts:
        {{- range .Values.ingress.tls.hosts }}
        - "{{ . }}"
        {{- end }}
  rules:
    {{- range .Values.ingress.rules }}
    - host: "{{ .host }}"
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            pathType: {{ .pathType }}
            backend:
              service:
                name: {{ .service.name }}
                port:
                  number: {{ .service.port | int }}
          {{- end }}
    {{- end }}
 {{- end }}
--- a/yonote-chart-mono/templates/mcJob.yaml
+++ b/yonote-chart-mono/templates/mcJob.yaml
@ -0,0 +1,39 @@
 {{- if .Values.mcJob.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: yonote-minio-mc-job
  labels:
    app: yonote-minio
 spec:
  template:
    metadata:
      labels:
        app: yonote-minio
    spec:
      containers:
        - name: mc-client
          image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
                echo "Waiting for MinIO to be ready..."
                sleep 5
              done
              if ! mc ls myminio/yonote-bucket; then
                mc mb myminio/yonote-bucket
              else
                echo "Bucket yonote-bucket already exists."
              fi
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "200m"
      restartPolicy: OnFailure
  backoffLimit: 5
  ttlSecondsAfterFinished: 100
 {{- end }}
--- a/yonote-chart-mono/templates/realm-configmap.yaml
+++ b/yonote-chart-mono/templates/realm-configmap.yaml
@ -0,0 +1,169 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: realm-export
 data:
  realm-export.json: |
    {
    "realm": "yonote",
    "enabled": true,
    "notBefore": 1647809856,
    "defaultSignatureAlgorithm": "RS256",
    "revokeRefreshToken": false,
    "refreshTokenMaxReuse": 0,
    "accessTokenLifespan": 300,
    "accessTokenLifespanForImplicitFlow": 900,
    "ssoSessionIdleTimeout": 1800,
    "ssoSessionMaxLifespan": 36000,
    "ssoSessionIdleTimeoutRememberMe": 0,
    "ssoSessionMaxLifespanRememberMe": 0,
    "offlineSessionIdleTimeout": 2592000,
    "offlineSessionMaxLifespanEnabled": false,
    "offlineSessionMaxLifespan": 5184000,
    "clientSessionIdleTimeout": 0,
    "clientSessionMaxLifespan": 0,
    "clientOfflineSessionIdleTimeout": 0,
    "clientOfflineSessionMaxLifespan": 0,
    "accessCodeLifespan": 60,
    "accessCodeLifespanUserAction": 300,
    "accessCodeLifespanLogin": 1800,
    "actionTokenGeneratedByAdminLifespan": 43200,
    "actionTokenGeneratedByUserLifespan": 300,
    "oauth2DeviceCodeLifespan": 600,
    "oauth2DevicePollingInterval": 5,
    "sslRequired": "external",
    "registrationAllowed": true,
    "registrationEmailAsUsername": true,
    "rememberMe": true,
    "verifyEmail": false,
    "loginWithEmailAllowed": true,
    "duplicateEmailsAllowed": false,
    "resetPasswordAllowed": true,
    "editUsernameAllowed": false,
    "bruteForceProtected": false,
    "permanentLockout": false,
    "maxFailureWaitSeconds": 900,
    "minimumQuickLoginWaitSeconds": 60,
    "waitIncrementSeconds": 60,
    "quickLoginCheckMilliSeconds": 1000,
    "maxDeltaTimeSeconds": 43200,
    "failureFactor": 30,
    "clients": [
        {
        "clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}",
        "secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
        "redirectUris": [
            "https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
            "http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
            "http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
            "https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
            "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
        ],
        "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
        "enabled": true,
        "publicClient": false,
        "protocol": "openid-connect",
        "attributes": {
            "client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
            "display.on.consent.screen": "true"
        },
        "authenticationFlowBindingOverrides": {},
        "fullScopeAllowed": false,
        "protocolMappers": [
            {
            "name": "oidc-display-name",
            "protocol": "openid-connect",
            "protocolMapper": "oidc-usermodel-attribute-mapper",
            "consentRequired": false,
            "config": {
                "userinfo.token.claim": "true",
                "user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
                "id.token.claim": "true",
                "access.token.claim": "true",
                "claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
                "jsonType.label": "String"
            }
            }
        ],
        "defaultClientScopes": ["openid", "email"]
        }
    ],
    "identityProviders": [],
    "internationalizationEnabled": true,
    "clientScopes": [
        {
        "name": "openid",
        "protocol": "openid-connect",
        "attributes": {
            "include.in.token.scope": "true",
            "display.on.consent.screen": "true",
            "consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}"
        },
        "protocolMappers": []
        },
        {
        "name": "email",
        "protocol": "openid-connect",
        "attributes": {
            "include.in.token.scope": "true",
            "display.on.consent.screen": "true"
        },
        "protocolMappers": [
            {
            "id": "56fe6d23-690a-465c-bc36-99bff8fef6eb",
            "name": "email verified",
            "protocol": "openid-connect",
            "protocolMapper": "oidc-usermodel-property-mapper",
            "consentRequired": false,
            "config": {
                "userinfo.token.claim": "true",
                "user.attribute": "emailVerified",
                "id.token.claim": "true",
                "access.token.claim": "true",
                "claim.name": "email_verified",
                "jsonType.label": "boolean"
            }
            },
            {
            "id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc",
            "name": "email",
            "protocol": "openid-connect",
            "protocolMapper": "oidc-usermodel-property-mapper",
            "consentRequired": false,
            "config": {
                "userinfo.token.claim": "true",
                "user.attribute": "email",
                "id.token.claim": "true",
                "access.token.claim": "true",
                "claim.name": "email",
                "jsonType.label": "String"
            }
            }
        ]
        }
    ],
    "browserSecurityHeaders": {
        "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
    },
    "webAuthnPolicyRpEntityName": "keycloak",
    "webAuthnPolicySignatureAlgorithms": ["ES256"],
    "webAuthnPolicyRpId": "",
    "webAuthnPolicyAttestationConveyancePreference": "not specified",
    "webAuthnPolicyAuthenticatorAttachment": "not specified",
    "webAuthnPolicyRequireResidentKey": "not specified",
    "webAuthnPolicyUserVerificationRequirement": "not specified",
    "webAuthnPolicyCreateTimeout": 0,
    "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
    "webAuthnPolicyAcceptableAaguids": [],
    "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
    "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
    "webAuthnPolicyPasswordlessRpId": "",
    "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
    "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
    "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
    "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
    "webAuthnPolicyPasswordlessCreateTimeout": 0,
    "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
    "webAuthnPolicyPasswordlessAcceptableAaguids": [],
    "smtpServer": {}
    }
--- a/yonote-chart-mono/templates/traefic-http-to-https-redirect-middleware.yaml
+++ b/yonote-chart-mono/templates/traefic-http-to-https-redirect-middleware.yaml
@ -1,10 +0,0 @@
 {{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: redirect-https
 spec:
  redirectScheme:
    scheme: https
    permanent: true
 {{- end }}
--- a/yonote-chart-mono/templates/traefik-wss-headers-middleware.yaml
+++ b/yonote-chart-mono/templates/traefik-wss-headers-middleware.yaml
@ -1,10 +0,0 @@
 {{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: wss-headers
 spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: https
 {{- end }}
--- a/yonote-chart-mono/values.yaml
+++ b/yonote-chart-mono/values.yaml
@ -1,21 +1,13 @@
 global:
  name: yonote-app
  postgresql:
    auth:
      database: yonote
      username: yonote
  yonote:
    ingress:
      ingressClassName: nginx
    dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
-
+    baseListenAddress: example.com # Доменный адрес для yonote
    baseListenAddress: example.com
    config:
      plain:
        data:
          DEPLOYMENT: hosted
          NODE_ENV: production
          FORCE_HTTPS: "false"
          PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
@ -30,6 +22,7 @@ global:
          AI_URL: "1234"
          AI_API_KEY: "1234"
          WEB_CONCURRENCY: "1"
          URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
          COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
@ -38,12 +31,20 @@ global:
          OIDC_SCOPES: openid email
          OIDC_CLIENT_ID: yonote
          OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth'
          # OIDC_AUTH_URI: URL для авторизации пользователей через OpenID Connect (OIDC). 
          # Пользователь перенаправляется на этот адрес для входа в систему.
          OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout'
          # OIDC_LOGOUT_URI: URL для выхода из системы через OIDC. 
          # Пользователь перенаправляется на этот адрес для завершения сессии и выхода.
          OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token'
          # OIDC_TOKEN_URI: URL для получения токенов доступа и обновления. 
          # Этот адрес используется для обмена авторизационным кодом на токены
          OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo'
          # OIDC_USERINFO_URI: URL для получения информации о пользователе. 
          # Используется для получения данных профиля пользователя на основе его токена.
          AWS_S3_ACL: private
-          AWS_S3_UPLOAD_BUCKET_URL: http://s3.example.com # Адрес S3 хранилища
+          AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
          AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища 
          AWS_REGION: "ru_RU"
          AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
@ -94,48 +95,100 @@ yonote-web:
      cpu: 250m
      memory: 256Mi
-  # ingress:
+ingress:
-  #   enabled: true
+  enabled: true
-  #   ingressClassName: traefik
+  name: yonote-ingress
-  #   hosts: "'*.example.com'"
+  namespace: yonote-onprem
-  #   annotations:
+  ingressClassName: nginx
-  #     cert-manager.io/cluster-issuer: ""
+  tls:
-  #     traefik.ingress.kubernetes.io/router.middlewares: "{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{ .Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd"
+    - secretName: "you_tls_secret"
-  #   extraTls:
+      hosts: 
-  #   - hosts:
+        - "app.example.com"
-  #       - "'*.example.com'"
+        - "team.example.com"
-  #     secretName: "'*.example.com'"
+  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/server-snippets: |
      location /realtime {
        proxy_set_header Upgrade $http_upgrade;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
      }
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Host              $http_host";
      more_set_headers "X-Real-IP         $remote_addr";
      more_set_headers "X-Forwarded-Proto $scheme";
      more_set_headers "X-Forwarded-For   $proxy_add_x_forwarded_for";        
    cert-manager.io/cluster-issuer: ""
-  ingress:
+  rules:
-    enabled: true
+  - host: "app.example.com"
-    hostname: "'*.example.com'"
+    http:
-    ingressClassName: nginx
+      paths:
-    path: '/'
+        - path: /
-    pathType: Prefix
+          pathType: Prefix
-    annotations:
+          backend:
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+            service:
-      nginx.ingress.kubernetes.io/server-snippets: |
+              name: yonote-web
-        location /realtime {
+              port:
-          proxy_set_header Upgrade $http_upgrade;
+                number: 80
-          proxy_http_version 1.1;
+        - path: /realtime
-          proxy_set_header X-Forwarded-Host $http_host;
+          pathType: Prefix
-          proxy_set_header X-Forwarded-Proto $scheme;
+          backend:
-          proxy_set_header X-Forwarded-For $remote_addr;
+            service:
-          proxy_set_header Host $host;
+              name: yonote-websockets
-          proxy_set_header Connection "upgrade";
+              port:
-          proxy_cache_bypass $http_upgrade;
+                number: 80
-          }        
+        - path: /whiteboard
          pathType: Prefix
          backend:
            service:
              name: yonote-whiteboard
              port:
                number: 80
        - path: /collaboration
          pathType: Prefix
          backend:
            service:
              name: yonote-collaboration
              port:
                number: 80
-      nginx.ingress.kubernetes.io/configuration-snippet: |
+  - host: "team.example.com"
-        more_set_headers "Host              $http_host";
+    http:
-        more_set_headers "X-Real-IP         $remote_addr";
+      paths:
-        more_set_headers "X-Forwarded-Proto $scheme";
+        - path: /
-        more_set_headers "X-Forwarded-For   $proxy_add_x_forwarded_for";        
+          pathType: Prefix
-      cert-manager.io/cluster-issuer: ""
+          backend:
-    tls:
+            service:
-    - hosts:
+              name: yonote-web
-        - "'*.example.com'"
+              port:
-      secretName: "'*.example.com'"
+                number: 80
        - path: /realtime
          pathType: Prefix
          backend:
            service:
              name: yonote-websockets
              port:
                number: 80
        - path: /whiteboard
          pathType: Prefix
          backend:
            service:
              name: yonote-whiteboard
              port:
                number: 80
        - path: /collaboration
          pathType: Prefix
          backend:
            service:
              name: yonote-collaboration
              port:
                number: 80
  containerPorts:
    - containerPort: 3000
@ -177,10 +230,16 @@ yonote-web:
      path: /_health
      port: app
-yonote-database: 
+yonoteDatabase:
  enabled: true
-  fullnameOverride: yonote-db
+  global:
-  nameOverride: db
+    postgresql:
      auth:
        database: "yonote"
        username: "yonote"
  name: yonote-database
  fullnameOverride: yonote-database
  nameOverride: yonote-database
  primary:
    persistence:
@ -217,25 +276,14 @@ minio:
  enabled: true
  name: minio
  fullnameOverride: yonote-minio
-  nameOverride: minio
+  nameOverride: yonote-minio
-  accessKey: "minioadmin"
+  auth:
-  secretKey: "minioadminsecret"
+    rootUser: admin
  persistence:
    enabled: true
    size: 500Mi
  # ingress:
  #   enabled: true
  #   hostname: '"s3.example.com"'
  #   annotations:
  #     cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
  #     traefik.ingress.kubernetes.io/router.middlewares: "{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{ .Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd"
  #   extraTls:
  #   - hosts:
  #       - s3.example.com
  #     secretName: s3.example.com
  ingress:
    enabled: true
    ingressClassName: nginx
@ -247,7 +295,7 @@ minio:
        more_set_headers "X-Forwarded-Proto $scheme";
        more_set_headers "X-Forwarded-For   $proxy_add_x_forwarded_for";
    hosts:
-      - host: s3.onprem-test.stands.wilix.dev
+      - host: s3.example.com
        paths:
          - path: /
            pathType: ImplementationSpecific
@ -263,3 +311,88 @@ minio:
    buckets:
      - name: yonote-bucket
        policy: none
 mcJob:
  enabled: true
 keycloak:
  auth:
    adminUser: root
  fullnameOverride: yonote-keycloak
  nameOverride: yonote-keycloak
  command:
    - /bin/bash
    - -c
    - |
      /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \
      /opt/bitnami/keycloak/bin/kc.sh start-dev
  extraEnvVars:
    - name: KC_DB_PASSWORD
      value: "tT9BqYdNyd"
    - name: KEYCLOAK_PRODUCTION
      value: "true"
    - name: KC_HOSTNAME_URL
      value: "https://auth.example.com"
    - name: KC_HOSTNAME_ADMIN_URL
      value: "https://auth.example.com"
  extraVolumes:
    - name: realm-export
      configMap:
        name: realm-export
  extraVolumeMounts:
    - name: realm-export
      mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
      subPath: realm-export.json
  ingress:
    enabled: true
    hostname: auth.example.com
    ingressClassName: traefik
    tls: true
    annotations:
      kubernetes.io/ingress.class: traefik
      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
    extraTls:
      - hosts:
          - "auth.example.com"
        secretName: "you_tls_secret"
    rules:
      - host: "auth.example.com"
        paths: 
          - path: /
            pathType: Prefix
            service:
              name: yonote-keycloak
              port: http
          - path: /admin
            pathType: Prefix
            service:
              name: yonote-keycloak
              port: http
  proxy: "edge"
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 150m
      memory: 128Mi
  postgresql:
    enabled: true
    auth:
      database: keycloak
      username: keycloak
    name: keycloak-database
    fullnameOverride: keycloak-database
    nameOverride: keycloak-database
    primary:
      persistence:
        size: 512Mi
--- a/yonote-chart-service/values.yaml
+++ b/yonote-chart-service/values.yaml
@ -538,7 +538,7 @@ minio:
  nameOverride: yonote-minio
  auth:
    rootUser: admin
-    rootPassword: "12345678"
+
  persistence:
    enabled: true