
No commits in common. "2.0.0" and "main" have entirely different histories.
2.0.0 ... main

8 changed files with 467 additions and 332 deletions


@ -1,14 +1,5 @@
# Yonote Helm Chart
**Критическое изменение**
Данный чарт предназначен только для новых развертываний!
Версия 2.x.x не совместима с предыдущими версиями 1.x.x данного чарта. Если вы попытаетесь использовать этот чарт для обновления существующего развертывания Yonote, это приведет к потере данных.
Руководство по миграции будет предоставлено в ближайшее время.
## Обзор
Этот Helm chart позволяет развернуть **Yonote** в Kubernetes. Он предоставляет быстрый и простой способ установки, настройки и управления приложением с помощью Helm.
@ -57,26 +48,6 @@ helm install app -f values.yaml -f secret-values.yaml -n yonote-onprem .
```
После выполнения команды начнётся установка приложения и всех дополнительных сервисов к нему. Остаётся только подождать, пока все сервисы запустятся.
### 5. Keycloak
Перед первым входом в Yonote необходимо обновить поле **Valid redirect URIs** клиента yonote в области (realm) Yonote в системе Keycloak.
Уже существуют две записи, поэтому достаточно просто скопировать их и отредактировать.
Например:
Существующие записи:
* http://example.com/*
* https://example.com/*
Добавить следующие:
* http://app.example.com/*
* https://app.example.com/*
* https://app.example.com/auth/oidc.callback/*
* https://team.example.com/*
Примечание: символы * в URL-адресах являются подстановочными знаками и обозначают любые дополнительные пути после указанного базового URL.
### Обратная связь
Если у вас есть вопросы или вам нужна помощь, пишите на email: hello@yonote.ru


@ -14,17 +14,17 @@ dependencies:
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: postgres
repository: https://groundhog2k.github.io/helm-charts/
version: 0.3.9
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.6
- name: redis
repository: https://groundhog2k.github.io/helm-charts/
version: 0.7.0
repository: https://charts.bitnami.com/bitnami
version: 16.12.1
- name: minio
repository: https://charts.min.io/
version: 5.4.0
- name: keycloakx
repository: https://codecentric.github.io/helm-charts
version: 1.3.2
digest: sha256:ad0128ad6d526a8946d659481ec5dc19d1faf785919efbcc689a37ae80bc820e
generated: "2025-10-30T14:17:59.001901626+03:00"
repository: https://charts.bitnami.com/bitnami
version: 12.7.0
- name: keycloak
repository: https://charts.bitnami.com/bitnami
version: 14.0.0
digest: sha256:928723e189de54fafe19316743b8f9d08d7c74f9728b0c4afb1f5cd3ee1e83dc
generated: "2024-08-25T00:46:01.648512702+03:00"


@ -1,9 +1,9 @@
apiVersion: v2
name: yonote-chart
version: 2.0.0
version: 1.2.0
description:
Generic application Helm chart.
This chart includes multiple dependencies. The base of this chart is derived from the Dysnix app chart.
This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart.
maintainers:
- name: Dysnix
email: support@dysnix.com
@ -35,26 +35,26 @@ dependencies:
repository: https://dysnix.github.io/charts
alias: yonote-collaboration
- name: postgres
version: "0.3.9"
repository: https://groundhog2k.github.io/helm-charts/
condition: postgres.enabled
alias: postgres
- name: postgresql
version: "11.6.6"
repository: https://charts.bitnami.com/bitnami
condition: yonoteDatabase.enabled
alias: yonoteDatabase
- name: redis
version: "0.7.0"
repository: https://groundhog2k.github.io/helm-charts/
condition: redis.enabled
alias: redis
version: "16.12.1"
repository: https://charts.bitnami.com/bitnami
condition: yonote-redis.enabled
alias: yonote-redis
- name: minio
version: "5.4.0"
repository: https://charts.min.io/
version: "12.7.0"
repository: https://charts.bitnami.com/bitnami
condition: minio.enabled
alias: minio
- name: keycloakx
version: "1.3.2"
repository: https://codecentric.github.io/helm-charts
- name: keycloak
version: "14.0.0"
repository: https://charts.bitnami.com/bitnami
condition: keycloak.enabled
alias: keycloak
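Review bot: The new `description` line reads "derived from the Dynix app chart", while the maintainer entry and the `dysnix.github.io` repository URL in the same file spell the name `Dysnix`. The old wording was correct and should be kept: `This chart includes multiple dependencies. The base of this chart is derived from the Dysnix app chart.`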


@ -3,17 +3,17 @@ global:
config:
secret:
stringData:
DATABASE_URL: 'postgres://{{ .Values.postgres.userDatabase.user }}:{{ .Values.postgres.userDatabase.password }}@yonote-database:5432/{{ .Values.postgres.userDatabase.name }}'
POSTGRES_PASSWORD: "{{ .Values.postgres.userDatabase.password }}"
AWS_ACCESS_KEY_ID: "qwer12314q" # Ваш идентификатор ключа доступа к AWS.
AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS.
OIDC_CLIENT_SECRET: "{{ .Values.keycloak.secrets.secrets.stringData.OIDC_CLIENT_SECRET }}" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}'
POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}"
AWS_ACCESS_KEY_ID: "{{ .Values.minio.customUser }}" # Ваш идентификатор ключа доступа к AWS.
AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.customAccessKey }}" # Ваш секретный ключ доступа AWS.
OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
SMTP_PASSWORD: "1234"
UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.
TELEGRAM_BOT_TOKEN: "1234"
UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE"
LICENSE_KEY: "" # Обратитесь в отдел продаж для получения
LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения
SERVICE_WORKER_PUBLIC_KEY: "1234"
SERVICE_WORKER_PRIVATE_KEY: "1234"
# Генерация ключей (web-push) Service Worker
@ -22,24 +22,22 @@ global:
# npx web-push generate-vapid-keys
# 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
postgres:
settings:
superuserPassword: "QQYw4UjOU"
userDatabase:
password: "wsGZ6kXhr5"
yonoteDatabase:
global:
postgresql:
auth:
password: "wsGZ6kXhr5"
postgresPassword: "QQYw4UjOU"
redis:
args:
- "--user redis:redis"
# yonote-redis: # Если используете auth для redis
# auth:
# password: "12345678"
minio:
rootPassword: "qwettaas"
customAccessKey: "qwer-12314q-qwersa"
auth:
rootPassword: "qwettaas"
keycloak:
database:
password: keycloakdbpassword
secrets:
secrets:
stringData:
KEYCLOAK_ADMIN_PASSWORD: secret
OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR"
auth:
adminPassword: "root"
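Review bot: The first hunk replaces the templated `OIDC_CLIENT_SECRET` reference with a fixed literal, and the last hunk adds `adminPassword: "root"` for Keycloak, so a deployment that does not edit this file comes up with credentials known to anyone who has read the repository. The unchanged `SECRET_KEY` and `UTILS_SECRET` lines carry the same risk, since they ship ready-to-use hex values rather than obvious placeholders. I would leave these empty, e.g. `OIDC_CLIENT_SECRET: ""  # required, generate with openssl rand -hex 32` and `adminPassword: ""  # required`, and guard the consuming templates with Helm's `required` function so the render fails when they are unset. `LICENSE_KEY` is also better left as `""`, as on the old side, than set to `"qwerty-123456-zxcvb"`, so a placeholder is never submitted as a real key.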


@ -3,12 +3,5 @@ kind: ConfigMap
metadata:
name: postgres-init-scripts
data:
init-keycloak-db.sh: |
!/bin/bash
set -e
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE DATABASE {{ .Values.keycloak.database.database }};
CREATE USER {{ .Values.keycloak.database.username }} WITH PASSWORD '{{ .Values.keycloak.database.password }}';
GRANT ALL PRIVILEGES ON DATABASE keycloak TO {{ .Values.keycloak.database.username }};
EOSQL
init.sql: |
CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}";
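Review bot: `init.sql` on the new side only creates the database; the `CREATE USER` and `GRANT` steps of the removed `init-keycloak-db.sh` have no replacement in this ConfigMap, so nothing visible here gives Keycloak its own database role. The values.yaml section of this comparison sets `user: postgres` under `externalDatabase` and passes `--db-username postgres` with the `postgres-password` key, so Keycloak appears to connect as the superuser of the instance that also holds the Yonote database. A dedicated role limits what a Keycloak compromise can reach, e.g. `CREATE USER "<keycloak-db-user-placeholder>";` followed by `GRANT ALL PRIVILEGES ON DATABASE "<keycloak-db-placeholder>" TO "<keycloak-db-user-placeholder>";`. The role's password should be set from a Secret by an init script rather than written into a ConfigMap, as the old script did.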


@ -13,22 +13,54 @@ spec:
spec:
containers:
- name: mc-client
image: "minio/mc:RELEASE.2025-01-17T23-25-50Z"
image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
command: ["/bin/sh", "-c"]
args:
- |
until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.rootUser }} {{ .Values.minio.rootPassword }}; do
until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
echo "Waiting for MinIO to be ready..."
sleep 5
done
echo "MinIO is ready and alias is set."
# Создание бакета
if ! mc ls myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}; then
mc mb myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}
echo "Bucket {{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} created successfully."
# Создание пользователя
if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then
echo "User {{ .Values.minio.customUser }} already exists or failed to create."
else
echo "Bucket {{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} already exists."
echo "User {{ .Values.minio.customUser }} created successfully."
fi
# Назначение политики для нового пользователя
cat <<EOF > /tmp/minio-user-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::yonote-bucket/*"
]
}
]
}
EOF
echo "User policy JSON file created."
mc admin policy create myminio yonote-policy /tmp/minio-user-policy.json
echo "User policy created and applied."
# Создание бакета
if ! mc ls myminio/yonote-bucket; then
mc mb myminio/yonote-bucket
echo "Bucket yonote-bucket created successfully."
else
echo "Bucket yonote-bucket already exists."
fi
# Установка политик для бакета
@ -47,7 +79,7 @@ spec:
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}"
"arn:aws:s3:::yonote-bucket"
]
},
{
@ -61,7 +93,7 @@ spec:
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}/*"
"arn:aws:s3:::yonote-bucket/*"
]
}
]
@ -69,9 +101,12 @@ spec:
EOF
echo "Bucket policy JSON file created."
mc anonymous set-json /tmp/minio-bucket-policy.json myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}
mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket
echo "Bucket policy applied."
mc admin policy attach myminio yonote-policy --user={{ .Values.minio.customUser }}
echo "Policy attached to user {{ .Values.minio.customUser }}."
resources:
requests:
memory: "128Mi"
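Review bot: The MinIO root credentials and the new application user's key are rendered directly into the container `args`, in the `mc alias set myminio …` line and in the added `mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}` line. They are therefore stored in clear text in the Job object and readable by anyone who can get Jobs or Pods in the namespace. The expansions are also unquoted, so a value containing whitespace or shell metacharacters changes the command that runs. Passing them as environment variables sourced from a Secret and quoting every use avoids both; the Secret name and keys in the sketch below are placeholders, not names taken from this chart. Separately, the new side hard-codes `yonote-bucket` in the `mc mb`, policy and `mc anonymous set-json` lines while `AWS_S3_UPLOAD_BUCKET_NAME` stays configurable in values.yaml, so the two can drift apart.

```yaml
# … unchanged: container name and image …
env:
  - name: YONOTE_MINIO_ROOT_USER
    valueFrom:
      secretKeyRef:
        name: MINIO_SECRET_NAME_PLACEHOLDER
        key: ROOT_USER_KEY_PLACEHOLDER
  - name: YONOTE_MINIO_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: MINIO_SECRET_NAME_PLACEHOLDER
        key: ROOT_PASSWORD_KEY_PLACEHOLDER
command: ["/bin/sh", "-c"]
args:
  - |
    until mc alias set myminio http://yonote-minio:9000 "$YONOTE_MINIO_ROOT_USER" "$YONOTE_MINIO_ROOT_PASSWORD"; do
    # … unchanged: wait loop body …
    # … same pattern (env from a Secret, quoted) for the `mc admin user add` arguments …
```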


@ -0,0 +1,169 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: realm-export
data:
realm-export.json: |
{
"realm": "yonote",
"enabled": true,
"notBefore": 1647809856,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": true,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"clients": [
{
"clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}",
"secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
"redirectUris": [
"https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
"http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
"http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
"https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
],
"baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
"enabled": true,
"publicClient": false,
"protocol": "openid-connect",
"attributes": {
"client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
"display.on.consent.screen": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"protocolMappers": [
{
"name": "oidc-display-name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": ["openid", "email"]
}
],
"identityProviders": [],
"internationalizationEnabled": true,
"clientScopes": [
{
"name": "openid",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}"
},
"protocolMappers": []
},
{
"name": "email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "56fe6d23-690a-465c-bc36-99bff8fef6eb",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
},
{
"id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
]
}
],
"browserSecurityHeaders": {
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
},
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": ["ES256"],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"smtpServer": {}
}
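Review bot: The client's `secret` and `client.secret` fields render `OIDC_CLIENT_SECRET` into a `kind: ConfigMap`, which is commonly readable by far more roles than Secrets and is not covered by Secret encryption at rest. The realm file should be a `kind: Secret` with `stringData:` and be mounted through a secret volume. The realm also ships with `"registrationAllowed": true`, `"verifyEmail": false` and `"bruteForceProtected": false` while the client emits the `email` claim, so a self-registered user can present an unverified address to the application; how Yonote maps that claim to accounts is not visible here and is worth confirming. I would default to `"verifyEmail": true` and `"bruteForceProtected": true`, and drop the two `http://` entries from `redirectUris` unless plain-HTTP access is really intended.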


@ -7,7 +7,6 @@ global:
config:
plain:
data:
DEBUG: debug
NODE_ENV: production
FORCE_HTTPS: "false"
PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
@ -16,7 +15,7 @@ global:
BIND_HOST: 0.0.0.0 # Хост по умолчанию
PORT: "3000" # Порт по умолчанию
REDIS_URL: redis://yonote-redis:6379
REDIS_URL: redis://yonote-redis-master:6379
DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию
ENABLE_UPDATES: "false"
@ -24,10 +23,8 @@ global:
AI_URL: "1234"
AI_API_KEY: "1234"
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
#DEPLOYMENT: 'hosted'
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
@ -38,7 +35,7 @@ global:
OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена.
AWS_S3_ACL: private
AWS_S3_UPLOAD_BUCKET_URL: 'https://s3.example.com' # Адрес API S3 хранилища
AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища
AWS_REGION: "RU"
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
@ -56,11 +53,11 @@ global:
RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
SMTP_HOST: "smtp.wilix.dev"
SMTP_HOST: ""
SMTP_USERNAME: ""
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
SMTP_PORT: "456"
SMTP_PORT: ""
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
@ -78,58 +75,58 @@ ingress:
namespace: yonote-onprem
ingressClassName: traefik
tls:
secretName: "example.com-tls"
secretName: "you_tls_secret"
hosts:
- "app.example.com"
- "team.example.com"
rules:
- host: "app.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
- host: "team.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
- host: "app.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
- host: "team.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
#annotations:
# cert-manager.io/cluster-issuer: # Если используете
annotations:
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
yonote-web:
fullnameOverride: yonote-web
@ -139,7 +136,7 @@ yonote-web:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
@ -147,7 +144,7 @@ yonote-web:
initContainers:
- name: yonote-migration
image: images.updates.yonote.ru/yonote:1.22.11
image: images.updates.yonote.ru/yonote:1.19.8
imagePullPolicy: IfNotPresent
command:
- /bin/sh
@ -223,7 +220,7 @@ yonote-websocket:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
@ -292,7 +289,7 @@ yonote-whiteboard:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
@ -361,7 +358,7 @@ yonote-worker:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
@ -430,7 +427,7 @@ yonote-collaboration:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
@ -491,106 +488,104 @@ yonote-collaboration:
path: /_health
port: app
postgres:
yonoteDatabase:
enabled: true
#settings:
# Default postgres
# superuser:
userDatabase:
name: yonote
user: yonote
global:
postgresql:
auth:
database: "yonote"
username: "yonote"
name: yonote-database
fullnameOverride: yonote-database
nameOverride: yonote-database
storage:
requestedSize: 5Gi
className: ""
primary:
persistence:
size: 5Gi
resources:
limits:
cpu: 2
memory: 8Gi
requests:
cpu: 500m
memory: 512Mi
resources:
limits:
cpu: 2
memory: 5Gi
requests:
cpu: 500m
memory: 512Mi
extraVolumes:
- name: init-scripts
configMap:
name: postgres-init-scripts
extraScripts: postgres-init-scripts
extraVolumeMounts:
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
readOnly: true
redis:
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
image:
tag: 7.2.0-debian-11-r0
storage:
requestedSize: 1Gi
className: ""
resources:
limits:
cpu: 1
memory: 4Gi
requests:
cpu: 500m
memory: 512Mi
auth:
enabled: false
master:
persistence:
size: 5Gi
resources:
limits:
cpu: 1
memory: 4Gi
requests:
cpu: 500m
memory: 512Mi
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
customUser: yonote
nameOverride: yonote-minio
mode: standalone
rootUser: admin
auth:
rootUser: admin
policies:
- name: yonote_user_policy
statements:
- resources:
- 'arn:aws:s3:::yonote-bucket/*'
actions:
- "s3:GetObject"
- "s3:PutObject"
- "s3:DeleteObject"
users:
- accessKey: qwer12314q
secretKey: qwer-12314q-qwersa
policy: yonote_user_policy
image:
tag: 2024.8.3-debian-12-r1
persistence:
enabled: true
annotations:
helm.sh/resource-policy: keep
size: 1Gi
storageClass: ""
size: 5Gi
ingress:
enabled: true
hosts:
- s3.example.com
hostname: 's3.example.com'
ingressClassName: traefik
path: '/'
pathType: ImplementationSpecific
annotations:
kubernetes.io/ingress.class: traefik
#cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете
tls:
- hosts:
- "s3.example.com"
secretName: "example.com-tls"
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
extraTls:
- hosts:
- "s3.example.com"
secretName: "you_tls_secret"
consoleIngress:
apiIngress:
enabled: true
hosts:
- s3-console.example.com
hostname: 'api-s3.example.com'
ingressClassName: traefik
path: '/'
pathType: ImplementationSpecific
servicePort: minio-api
annotations:
kubernetes.io/ingress.class: traefik
#cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете
tls:
- hosts:
- "s3-console.example.com"
secretName: "example.com-tls"
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
extraTls:
- hosts:
- "api-s3.example.com"
secretName: "api-s3.example.com"
resources:
requests:
@ -604,53 +599,36 @@ mcJob:
enabled: true
keycloak:
enabled: true
fullnameOverride: yonote-keycloak
nameOverride: yonote-keycloak
image:
repository: images.updates.yonote.ru/yonote-keycloak
tag: latest
auth:
adminUser: root
args:
- start-dev --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
proxy: "edge"
cache:
stack: custom
command:
- /bin/bash
- -c
- |
/opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database --db-username postgres --db-password="$(DB_PASSWORD)"
proxy:
enabled: "false"
extraEnv: |
- name: KEYCLOAK_ADMIN
value: root
- name: KEYCLOAK_ADMIN_PASSWORD
extraEnvVars:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-secrets
key: KEYCLOAK_ADMIN_PASSWORD
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-secrets
key: OIDC_CLIENT_SECRET
- name: BASENAME_FOR_SUBDOMAIN
value: example.com
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HOSTNAME
value: auth.example.com
- name: KC_HOSTNAME_STRICT_HTTPS
value: "false"
- name: KC_HOSTNAME_PATH
value: "/"
- name: KC_HTTP_ENABLED
value: "true"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
name: yonote-database
key: postgres-password
http:
relativePath: "/"
extraVolumes:
- name: realm-export
configMap:
name: realm-export
extraVolumeMounts:
- name: realm-export
mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
subPath: realm-export.json
ingress:
enabled: true
@ -659,21 +637,20 @@ keycloak:
tls:
- hosts:
- "auth.example.com"
secretName: "example.com-tls"
secretName: "auth.example.com-tls"
annotations:
kubernetes.io/ingress.class: traefik
#cert-manager.io/cluster-issuer: #Если используете
# cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете
rules:
- host: "auth.example.com"
paths:
- path: /
pathType: ImplementationSpecific
pathType: Prefix
service:
name: yonote-keycloak
port: http
- path: /admin
pathType: ImplementationSpecific
pathType: Prefix
service:
name: yonote-keycloak
port: http
@ -686,27 +663,19 @@ keycloak:
cpu: 250m
memory: 256Mi
dbchecker:
enabled: "true"
postgresql:
enabled: false
database:
vendor: postgres
hostname: yonote-database
externalDatabase:
host: jdbc:postgresql://yonote-database
port: 5432
user: postgres
database: keycloak
username: keycloak
livenessProbe: |
httpGet:
path: '{{ trimSuffix "/" .Values.http.relativePath}}/'
port: http
livenessProbe:
initialDelaySeconds: 240
timeoutSeconds: 5
# Readiness probe configuration
readinessProbe: |
httpGet:
path: '{{ trimSuffix "/" .Values.http.relativePath}}/realms/master'
port: http
readinessProbe:
initialDelaySeconds: 120
timeoutSeconds: 1
timeoutSeconds: 5
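Review bot: In the keycloak `command` block, `--db-password="$(DB_PASSWORD)"` puts the database password on the `kc.sh` command line. Kubernetes expands `$(VAR)` in `command` from the container environment, and if it were left unexpanded bash would read it as a command substitution instead, so in neither case does the secret stay out of the argument list, where it shows up in the process table. Keycloak reads `KC_DB_PASSWORD` from the environment, so the `extraEnvVars` entry can be named `- name: KC_DB_PASSWORD` and the `--db-password` flag dropped. The `yonote-redis` block in this section also appears to set `auth.enabled: false` on the new side, which leaves `yonote-redis-master:6379` usable without a password by any pod that can route to it unless a NetworkPolicy outside this diff restricts access. Enabling auth and carrying the password in `REDIS_URL` from the Secret values would close that.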