From f3f0c36b6bd8604d88984b9f10224ccef444ac90 Mon Sep 17 00:00:00 2001
From: "artem.drozdov"
Date: Mon, 7 Oct 2024 13:56:01 +0300
Subject: [PATCH] remove mono
---
README.md | 2 +-
yonote-chart-mono/Chart.lock | 18 -
yonote-chart-mono/Chart.yaml | 40 --
yonote-chart-mono/secret-values.yaml | 45 --
yonote-chart-mono/templates/configmap.yaml | 10 -
yonote-chart-mono/templates/cronjob.yaml | 69 ----
yonote-chart-mono/templates/ingress.yaml | 34 --
yonote-chart-mono/templates/mcJob.yaml | 39 --
.../templates/realm-configmap.yaml | 169 --------
yonote-chart-mono/templates/secret.yaml | 14 -
yonote-chart-mono/values.yaml | 389 ------------------
11 files changed, 1 insertion(+), 828 deletions(-)
delete mode 100644 yonote-chart-mono/Chart.lock
delete mode 100644 yonote-chart-mono/Chart.yaml
delete mode 100644 yonote-chart-mono/secret-values.yaml
delete mode 100644 yonote-chart-mono/templates/configmap.yaml
delete mode 100644 yonote-chart-mono/templates/cronjob.yaml
delete mode 100644 yonote-chart-mono/templates/ingress.yaml
delete mode 100644 yonote-chart-mono/templates/mcJob.yaml
delete mode 100644 yonote-chart-mono/templates/realm-configmap.yaml
delete mode 100644 yonote-chart-mono/templates/secret.yaml
delete mode 100644 yonote-chart-mono/values.yaml
diff --git a/README.md b/README.md
index 13e021a..c7b3338 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Этот Helm chart позволяет развернуть **Yonote** в Kubernetes. Он предоставляет быстрый и простой способ установки, настройки и управления приложением с помощью Helm. -В нашем проекте используются два подхода для управления сервисами с помощью Helm chart'ов: "mono" и "service". В варианте "mono" все сервисы запускаются в одном pod'е, что позволяет снизить использование ресурсов. В подходе "service" каждый сервис запускается в отдельном pod'е, что улучшает отказоустойчивость и стабильность системы, но требует больше ресурсов. +Мы запускаем сервисы Yonote в отдельных подах, что улучшает отказоустойчивость и стабильность системы. Такой подход позволяет каждому сервису иметь свою собственную среду выполнения и управлять ресурсами более эффективно. ## Требования diff --git a/yonote-chart-mono/Chart.lock b/yonote-chart-mono/Chart.lock deleted file mode 100644 index b42e272..0000000 --- a/yonote-chart-mono/Chart.lock +++ /dev/null @@ -1,18 +0,0 @@ -dependencies: -- name: app - repository: https://dysnix.github.io/charts - version: 0.3.15 -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 11.6.6 -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 16.12.1 -- name: minio - repository: https://charts.bitnami.com/bitnami - version: 12.7.0 -- name: keycloak - repository: https://charts.bitnami.com/bitnami - version: 14.0.0 -digest: sha256:b12099844193a7a06a5d15b80774592b1cf73af191b654154a9c7a6e8d51a2e0 -generated: "2024-08-25T04:02:50.20628049+03:00" diff --git a/yonote-chart-mono/Chart.yaml b/yonote-chart-mono/Chart.yaml deleted file mode 100644 index 14e7f59..0000000 --- a/yonote-chart-mono/Chart.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: v2 -name: yonote-chart -version: 1.2.0 -description: - Generic application Helm chart. - This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart. -maintainers: - - name: Dysnix - email: support@dysnix.com - url: https://github.com/dysnix/charts/tree/main/dysnix/app - -dependencies: - - name: app - version: "0.3.15" - repository: https://dysnix.github.io/charts - alias: yonote-web - - - name: postgresql - version: "11.6.6" - repository: https://charts.bitnami.com/bitnami - condition: yonoteDatabase.enabled - alias: yonoteDatabase - - - name: redis - version: "16.12.1" - repository: https://charts.bitnami.com/bitnami - condition: yonote-redis.enabled - alias: yonote-redis - - - name: minio - version: "12.7.0" - repository: https://charts.bitnami.com/bitnami - condition: minio.enabled - alias: minio - - - name: keycloak - version: "14.0.0" - repository: https://charts.bitnami.com/bitnami - condition: keycloak.enabled - alias: keycloak \ No newline at end of file diff --git a/yonote-chart-mono/secret-values.yaml b/yonote-chart-mono/secret-values.yaml deleted file mode 100644 index 2c6663b..0000000 --- a/yonote-chart-mono/secret-values.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -global: - yonote: - config: - secret: - stringData: - DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}' - POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}" - AWS_ACCESS_KEY_ID: "{{ .Values.minio.auth.rootUser }}" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу - AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.auth.rootPassword }}" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу - OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). - SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. - SMTP_PASSWORD: "1234" - UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. 
- TELEGRAM_BOT_TOKEN: "1234" - UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения - SERVICE_WORKER_PUBLIC_KEY: "1234" - SERVICE_WORKER_PRIVATE_KEY: "1234" - # Генерация ключей (web-push) Service Worker - # 1) Установить Node.js и npm - # 2) Выполнить команду для генерации ключей - # npx web-push generate-vapid-keys - # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) - -yonoteDatabase: - global: - postgresql: - auth: - password: "wsGZ6kXhr5" - postgresPassword: "QQYw4UjOU" - -# yonote-redis: # Если используете пароль для redis -# auth: -# password: "12345678" - -minio: - auth: - rootPassword: "12345678" - -keycloak: - auth: - adminPassword: "root" - postgresql: - auth: - password: "tT9BqYdNyd" \ No newline at end of file diff --git a/yonote-chart-mono/templates/configmap.yaml b/yonote-chart-mono/templates/configmap.yaml deleted file mode 100644 index 52ca6f9..0000000 --- a/yonote-chart-mono/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: yonote-configs - labels: - {{- include "common.labels.standard" $ | nindent 4 }} - {{- with .Values.global.yonote.config.plain.data }} -data: - {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} - {{- end }} \ No newline at end of file diff --git a/yonote-chart-mono/templates/cronjob.yaml b/yonote-chart-mono/templates/cronjob.yaml deleted file mode 100644 index 60a2763..0000000 --- a/yonote-chart-mono/templates/cronjob.yaml +++ /dev/null 
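Review bot: Deleting yonote-chart-mono/secret-values.yaml does not retire the credentials it carried: the removed lines hold literal values for OIDC_CLIENT_SECRET, SECRET_KEY, UTILS_SECRET, UNSPLASH_API_ACCESS_KEY and the PostgreSQL, MinIO and Keycloak passwords, and they stay readable in the repository history and in this patch. Any of them that was ever deployed unchanged or is a live key (the Unsplash value looks like one, though that cannot be confirmed from here) should be rotated, and the same applies to the KC_DB_PASSWORD literal removed from values.yaml further down. I would record that in the commit description, for example `Credentials shipped as defaults in yonote-chart-mono must be rotated; removal from the tree does not revoke them.`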
@@ -1,69 +0,0 @@ -{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled | toString) "true" }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: cron-calendar-events -spec: - schedule: "*/1 * * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: cron-calendar-events - image: curlimages/curl - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: yonote-secrets - command: - - /bin/sh - - -c - - >- - date; - curl - -X POST - {{ .Values.global.yonote_cron_calendar_events.url }} - -H "Content-Type: application/json" - -d ' - { - "token": "$(UTILS_SECRET)" - } - ' - restartPolicy: OnFailure -{{- end }} ---- -{{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled | toString) "true" }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: cron-task-scheduler -spec: - schedule: "0 */1 * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: cron-task-scheduler - image: curlimages/curl - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: yonote-secrets - command: - - /bin/sh - - -c - - >- - date; - curl - -X POST - {{ .Values.global.yonote_cron_task_scheduler.url }} - -H "Content-Type: application/json" - -d ' - { - "token":"$(UTILS_SECRET)", "limit":"200" - } - ' - restartPolicy: OnFailure -{{- end }} \ No newline at end of file diff --git a/yonote-chart-mono/templates/ingress.yaml b/yonote-chart-mono/templates/ingress.yaml deleted file mode 100644 index 04bc8a6..0000000 --- a/yonote-chart-mono/templates/ingress.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Values.ingress.name }} - namespace: {{ .Values.ingress.namespace }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: "{{ $value }}" - {{- end }} -spec: - ingressClassName: {{ .Values.ingress.ingressClassName }} - tls: - - secretName: "{{ .Values.ingress.tls.secretName }}" - hosts: - {{- range .Values.ingress.tls.hosts }} - - "{{ . }}" - {{- end }} - rules: - {{- range .Values.ingress.rules }} - - host: "{{ .host }}" - http: - paths: - {{- range .paths }} - - path: {{ .path }} - pathType: {{ .pathType }} - backend: - service: - name: {{ .service.name }} - port: - number: {{ .service.port | int }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/yonote-chart-mono/templates/mcJob.yaml b/yonote-chart-mono/templates/mcJob.yaml deleted file mode 100644 index 7835bd2..0000000 --- a/yonote-chart-mono/templates/mcJob.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.mcJob.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: yonote-minio-mc-job - labels: - app: yonote-minio -spec: - template: - metadata: - labels: - app: yonote-minio - spec: - containers: - - name: mc-client - image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0" - command: ["/bin/sh", "-c"] - args: - - | - until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do - echo "Waiting for MinIO to be ready..." - sleep 5 - done - if ! mc ls myminio/yonote-bucket; then - mc mb myminio/yonote-bucket - else - echo "Bucket yonote-bucket already exists." - fi - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "200m" - restartPolicy: OnFailure - backoffLimit: 5 - ttlSecondsAfterFinished: 100 -{{- end }} \ No newline at end of file 
diff --git a/yonote-chart-mono/templates/realm-configmap.yaml b/yonote-chart-mono/templates/realm-configmap.yaml
deleted file mode 100644
index 11d7483..0000000
--- a/yonote-chart-mono/templates/realm-configmap.yaml
+++ /dev/null
@@ -1,169 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: realm-export -data: - realm-export.json: | - { - "realm": "yonote", - "enabled": true, - "notBefore": 1647809856, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "sslRequired": "external", - "registrationAllowed": true, - "registrationEmailAsUsername": true, - "rememberMe": true, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "clients": [ - { - "clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}", - "secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", - "redirectUris": [ - "https://*.{{ .Values.global.yonote.baseListenAddress }}/*", - "http://*.{{ .Values.global.yonote.baseListenAddress }}/*", - "http://app.{{ .Values.global.yonote.baseListenAddress }}/*", - "https://app.{{ 
.Values.global.yonote.baseListenAddress }}/*", - "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" - ], - "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}", - "enabled": true, - "publicClient": false, - "protocol": "openid-connect", - "attributes": { - "client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", - "display.on.consent.screen": "true" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "protocolMappers": [ - { - "name": "oidc-display-name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": ["openid", "email"] - } - ], - "identityProviders": [], - "internationalizationEnabled": true, - "clientScopes": [ - { - "name": "openid", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}" - }, - "protocolMappers": [] - }, - { - "name": "email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "56fe6d23-690a-465c-bc36-99bff8fef6eb", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - 
} - }, - { - "id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - } - ], - "browserSecurityHeaders": { - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" - }, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "smtpServer": {} - } \ No newline at end of file diff --git a/yonote-chart-mono/templates/secret.yaml b/yonote-chart-mono/templates/secret.yaml deleted file mode 100644 index 96a343f..0000000 --- a/yonote-chart-mono/templates/secret.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: yonote-secrets - labels: - {{- include "common.labels.standard" $ | nindent 4 }} -type: Opaque - {{- with .Values.global.yonote.config.secret.data }} -data: - {{- toYaml . | nindent 2 }} - {{- end }} - {{- with .Values.global.yonote.config.secret.stringData }} -stringData: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} - {{- end }} \ No newline at end of file diff --git a/yonote-chart-mono/values.yaml b/yonote-chart-mono/values.yaml deleted file mode 100644 index b19eed9..0000000 --- a/yonote-chart-mono/values.yaml +++ /dev/null 
@@ -1,389 +0,0 @@ -global: - name: yonote-app - yonote: - dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: example.com # Доменный адрес для yonote - - config: - plain: - data: - NODE_ENV: production - FORCE_HTTPS: "false" - PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL - WEB_CONCURRENCY: "1" - - BIND_HOST: 0.0.0.0 # Хост по умолчанию - PORT: "3000" # Порт по умолчанию - - REDIS_URL: redis://yonote-redis-master:6379 - - DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию - ENABLE_UPDATES: "false" - - AI_URL: "1234" - AI_API_KEY: "1234" - - URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения - COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать - - OIDC_DISPLAY_NAME: email - OIDC_SCOPES: openid email - OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. - OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. - OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены - OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. 
- - AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища - AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища - AWS_REGION: "ru_RU" - AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища - AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 - S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean - S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. - - SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд - BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста - NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены - - TELEGRAM_API_URL: https://api.telegram.org - - UNSPLASH_API_BASENAME: https://api.unsplash.com - - RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 - - SMTP_HOST: "" - SMTP_USERNAME: "" - SMTP_FROM_EMAIL: "" - SMTP_REPLY_EMAIL: "" - SMTP_PORT: "" - SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ - SMTP_REQUIRE_TLS: "" - - yonote_cron_calendar_events: - cron_enabled: "true" - url: http://yonote-web/api/cron.calendar_events - - yonote_cron_task_scheduler: - cron_enabled: "true" - url: http://yonote-web/api/cron.schedule - -yonote-web: - fullnameOverride: yonote-web - nameOverride: yonote-web - name: web - image: - registry: 
images.updates.yonote.ru - repository: yonote - tag: 1.19.5 - pullPolicy: IfNotPresent - resources: - limits: - cpu: "1" - memory: 1Gi - requests: - cpu: 250m - memory: 256Mi - -ingress: - enabled: true - name: yonote-ingress - namespace: yonote-onprem - ingressClassName: nginx - tls: - - secretName: "you_tls_secret" - hosts: - - "app.example.com" - - "team.example.com" - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/server-snippets: | - location /realtime { - proxy_set_header Upgrade $http_upgrade; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header Connection "upgrade"; - proxy_cache_bypass $http_upgrade; - } - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - cert-manager.io/cluster-issuer: "" - - rules: - - host: "app.example.com" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: yonote-web - port: - number: 80 - - path: /realtime - pathType: Prefix - backend: - service: - name: yonote-websockets - port: - number: 80 - - path: /whiteboard - pathType: Prefix - backend: - service: - name: yonote-whiteboard - port: - number: 80 - - path: /collaboration - pathType: Prefix - backend: - service: - name: yonote-collaboration - port: - number: 80 - - - host: "team.example.com" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: yonote-web - port: - number: 80 - - path: /realtime - pathType: Prefix - backend: - service: - name: yonote-websockets - port: - number: 80 - - path: /whiteboard - pathType: Prefix - backend: - service: - name: yonote-whiteboard - port: - number: 80 - - path: /collaboration - 
pathType: Prefix - backend: - service: - name: yonote-collaboration - port: - number: 80 - - containerPorts: - - containerPort: 3000 - name: app - protocol: TCP - service: - type: ClusterIP - port: 80 - targetPort: app - envFrom: - - configMapRef: - name: yonote-configs - - secretRef: - name: yonote-secrets - - podLabels: - redis-client: 'true' - podAnnotations: - checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" - checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: /_health - port: app - -yonoteDatabase: - enabled: true - global: - postgresql: - auth: - database: "yonote" - username: "yonote" - name: yonote-database - fullnameOverride: yonote-database - nameOverride: yonote-database - - primary: - persistence: - size: 500Mi - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - -yonote-redis: - enabled: true - fullnameOverride: yonote-redis - nameOverride: redis - architecture: standalone - - auth: - enabled: false - - master: - persistence: - size: 200Mi - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - -minio: - enabled: true - name: minio - fullnameOverride: yonote-minio - nameOverride: yonote-minio - auth: - rootUser: admin - - persistence: - enabled: true - size: 500Mi - - ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - 
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - hosts: - - host: s3.example.com - paths: - - path: / - pathType: ImplementationSpecific - - resources: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - cpu: 500m - - buckets: - - name: yonote-bucket - policy: none - -mcJob: - enabled: true - -keycloak: - auth: - adminUser: root - - fullnameOverride: yonote-keycloak - nameOverride: yonote-keycloak - - command: - - /bin/bash - - -c - - | - /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \ - /opt/bitnami/keycloak/bin/kc.sh start-dev - - extraEnvVars: - - name: KC_DB_PASSWORD - value: "tT9BqYdNyd" - - name: KEYCLOAK_PRODUCTION - value: "true" - - name: KC_HOSTNAME_URL - value: "https://auth.example.com" - - name: KC_HOSTNAME_ADMIN_URL - value: "https://auth.example.com" - - extraVolumes: - - name: realm-export - configMap: - name: realm-export - - extraVolumeMounts: - - name: realm-export - mountPath: /opt/bitnami/keycloak/data/import/realm-export.json - subPath: realm-export.json - - ingress: - enabled: true - hostname: auth.example.com - ingressClassName: traefik - tls: true - annotations: - kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - extraTls: - - hosts: - - "auth.example.com" - secretName: "you_tls_secret" - rules: - - host: "auth.example.com" - paths: - - path: / - pathType: Prefix - service: - name: yonote-keycloak - port: http - - path: /admin - pathType: Prefix - service: - name: yonote-keycloak - port: http - - proxy: "edge" - - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 150m - memory: 128Mi - - postgresql: - enabled: true - auth: - database: keycloak - username: keycloak - name: keycloak-database - fullnameOverride: keycloak-database - nameOverride: keycloak-database - primary: - persistence: - size: 512Mi \ No newline at end of file