Merge pull request 'Remove-Bitnami-Dependencies' (#7) from Remove-Bitnami-Dependencies into 2.0.0

Reviewed-on: #7

README.md

@@ -1,5 +1,14 @@
 # Yonote Helm Chart
 
+**Критическое изменение**
+
+Данный чарт предназначен только для новых развертываний!
+
+Версия 2.x.x не совместима с предыдущими версиями 1.x.x данного чарта. Если вы попытаетесь использовать этот чарт для обновления существующего развертывания Yonote, это приведет к потере данных.
+
+Руководство по миграции будет предоставлено в ближайшее время.
+
+
 ## Обзор
 
 Этот Helm chart позволяет развернуть **Yonote** в Kubernetes. Он предоставляет быстрый и простой способ установки, настройки и управления приложением с помощью Helm.
@@ -48,6 +57,26 @@ helm install app -f values.yaml -f secret-values.yaml -n yonote-onprem .
 ```
 После выполнения команды начнётся установка приложения и всех дополнительных сервисов к нему. Остаётся только подождать, пока все сервисы запустятся.
 
+### 5. Keycloak
+
+Перед первым входом в Yonote необходимо обновить поле **Valid redirect URIs** клиента yonote в области (realm) Yonote в системе Keycloak.
+
+Уже существуют две записи, поэтому достаточно просто скопировать их и отредактировать.
+
+Например:
+
+Существующие записи:
+* http://example.com/*
+* https://example.com/*
+
+Добавить следующие:
+* http://app.example.com/*
+* https://app.example.com/*
+* https://app.example.com/auth/oidc.callback/*
+* https://team.example.com/*
+
+Примечание: символы * в URL-адресах являются подстановочными знаками и обозначают любые дополнительные пути после указанного базового URL.
+
 ### Обратная связь
 
 Если у вас есть вопросы или вам нужна помощь, пишите на email: hello@yonote.ru

yonote-chart-service/Chart.lock

@@ -14,17 +14,17 @@ dependencies:
 - name: app
   repository: https://dysnix.github.io/charts
   version: 0.3.15
-- name: postgresql
+- name: postgres
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://groundhog2k.github.io/helm-charts/
-  version: 11.6.6
+  version: 0.3.9
 - name: redis
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://groundhog2k.github.io/helm-charts/
-  version: 16.12.1
+  version: 0.7.0
 - name: minio
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://charts.min.io/
-  version: 12.7.0
+  version: 5.4.0
-- name: keycloak
+- name: keycloakx
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://codecentric.github.io/helm-charts
-  version: 14.0.0
+  version: 1.3.2
-digest: sha256:928723e189de54fafe19316743b8f9d08d7c74f9728b0c4afb1f5cd3ee1e83dc
+digest: sha256:ad0128ad6d526a8946d659481ec5dc19d1faf785919efbcc689a37ae80bc820e
-generated: "2024-08-25T00:46:01.648512702+03:00"
+generated: "2025-10-30T14:17:59.001901626+03:00"

yonote-chart-service/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
 name: yonote-chart
-version: 1.2.0
+version: 2.0.0
 description:
   Generic application Helm chart.
-  This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart.
+  This chart includes multiple dependencies. The base of this chart is derived from the Dysnix app chart.
 maintainers:
   - name: Dysnix
     email: support@dysnix.com
@@ -35,26 +35,26 @@ dependencies:
     repository: https://dysnix.github.io/charts
     alias: yonote-collaboration
 
-  - name: postgresql
+  - name: postgres
-    version: "11.6.6"
+    version: "0.3.9"
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://groundhog2k.github.io/helm-charts/
-    condition: yonoteDatabase.enabled
+    condition: postgres.enabled
-    alias: yonoteDatabase
+    alias: postgres
 
   - name: redis
-    version: "16.12.1"
+    version: "0.7.0"
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://groundhog2k.github.io/helm-charts/
-    condition: yonote-redis.enabled
+    condition: redis.enabled
-    alias: yonote-redis
+    alias: redis
 
   - name: minio
-    version: "12.7.0"
+    version: "5.4.0"
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://charts.min.io/
     condition: minio.enabled
     alias: minio
 
-  - name: keycloak
+  - name: keycloakx
-    version: "14.0.0"
+    version: "1.3.2"
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://codecentric.github.io/helm-charts
     condition: keycloak.enabled
     alias: keycloak

yonote-chart-service/secret-values.yaml

@@ -3,17 +3,17 @@ global:
     config:
       secret:
         stringData:
-          DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}'
+          DATABASE_URL: 'postgres://{{ .Values.postgres.userDatabase.user }}:{{ .Values.postgres.userDatabase.password }}@yonote-database:5432/{{ .Values.postgres.userDatabase.name }}'
-          POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}"
+          POSTGRES_PASSWORD: "{{ .Values.postgres.userDatabase.password }}"
-          AWS_ACCESS_KEY_ID: "{{ .Values.minio.customUser }}"  # Ваш идентификатор ключа доступа к AWS. 
+          AWS_ACCESS_KEY_ID: "qwer12314q" # Ваш идентификатор ключа доступа к AWS.
-          AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.customAccessKey }}" # Ваш секретный ключ доступа AWS. 
+          AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS.
-          OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
+          OIDC_CLIENT_SECRET: "{{ .Values.keycloak.secrets.secrets.stringData.OIDC_CLIENT_SECRET }}" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
           SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
           SMTP_PASSWORD: "1234"
           UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.
           TELEGRAM_BOT_TOKEN: "1234"
           UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE"
-          LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения
+          LICENSE_KEY: "" # Обратитесь в отдел продаж для получения
           SERVICE_WORKER_PUBLIC_KEY: "1234"
           SERVICE_WORKER_PRIVATE_KEY: "1234"
         # Генерация ключей (web-push) Service Worker
@@ -22,22 +22,24 @@ global:
         # npx web-push generate-vapid-keys
         # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
 
-yonoteDatabase:
+postgres:
-  global:
+  settings:
-    postgresql:
+    superuserPassword: "QQYw4UjOU"
-      auth:
+  userDatabase:
-        password: "wsGZ6kXhr5"
+    password: "wsGZ6kXhr5"
-        postgresPassword: "QQYw4UjOU"
 
-# yonote-redis: # Если используете auth для redis
+redis:
-#   auth:
+  args:
-#     password: "12345678"
+    - "--user redis:redis"
 
 minio:
-  customAccessKey: "qwer-12314q-qwersa"
+  rootPassword: "qwettaas"
-  auth:
-    rootPassword: "qwettaas"
 
 keycloak:
-  auth:
+  database:
-   adminPassword: "root"
+    password: keycloakdbpassword
+  secrets:
+    secrets:
+      stringData:
+        KEYCLOAK_ADMIN_PASSWORD: secret
+        OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR"

yonote-chart-service/templates/configmap-initdb.yaml

@@ -3,5 +3,12 @@ kind: ConfigMap
 metadata:
   name: postgres-init-scripts
 data:
-  init.sql: |
+  init-keycloak-db.sh: |
-    CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}";
+    !/bin/bash
+    set -e
+
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE DATABASE {{ .Values.keycloak.database.database }};
+    CREATE USER {{ .Values.keycloak.database.username }} WITH PASSWORD '{{ .Values.keycloak.database.password }}';
+    GRANT ALL PRIVILEGES ON DATABASE keycloak TO {{ .Values.keycloak.database.username }};
+    EOSQL

yonote-chart-service/templates/mcJob.yaml

@@ -13,54 +13,22 @@ spec:
     spec:
       containers:
         - name: mc-client
-          image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
+          image: "minio/mc:RELEASE.2025-01-17T23-25-50Z"
           command: ["/bin/sh", "-c"]
           args:
             - |
-              until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
+              until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.rootUser }} {{ .Values.minio.rootPassword }}; do
                 echo "Waiting for MinIO to be ready..."
                 sleep 5
               done
               echo "MinIO is ready and alias is set."
 
-              # Создание пользователя
-              if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then
-                echo "User {{ .Values.minio.customUser }} already exists or failed to create."
-              else
-                echo "User {{ .Values.minio.customUser }} created successfully."
-              fi
-
-              # Назначение политики для нового пользователя
-              cat <<EOF > /tmp/minio-user-policy.json
-              {
-                "Version": "2012-10-17",
-                "Statement": [
-                  {
-                    "Sid": "VisualEditor",
-                    "Effect": "Allow",
-                    "Action": [
-                      "s3:DeleteObject",
-                      "s3:GetObject",
-                      "s3:PutObject"
-                    ],
-                    "Resource": [
-                      "arn:aws:s3:::yonote-bucket/*"
-                    ]
-                  }
-                ]
-              }
-              EOF
-              echo "User policy JSON file created."
-
-              mc admin policy create myminio yonote-policy /tmp/minio-user-policy.json
-              echo "User policy created and applied."
-
               # Создание бакета
-              if ! mc ls myminio/yonote-bucket; then
+              if ! mc ls myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}; then
-                mc mb myminio/yonote-bucket
+                mc mb myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}
-                echo "Bucket yonote-bucket created successfully."
+                echo "Bucket {{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} created successfully."
               else
-                echo "Bucket yonote-bucket already exists."
+                echo "Bucket {{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} already exists."
               fi
 
               # Установка политик для бакета
@@ -79,7 +47,7 @@ spec:
                       "s3:GetBucketLocation"
                     ],
                     "Resource": [
-                      "arn:aws:s3:::yonote-bucket"
+                      "arn:aws:s3:::{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}"
                     ]
                   },
                   {
@@ -93,7 +61,7 @@ spec:
                       "s3:GetObject"
                     ],
                     "Resource": [
-                      "arn:aws:s3:::yonote-bucket/*"
+                      "arn:aws:s3:::{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}/*"
                     ]
                   }
                 ]
@@ -101,12 +69,9 @@ spec:
               EOF
               echo "Bucket policy JSON file created."
 
-              mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket
+              mc anonymous set-json /tmp/minio-bucket-policy.json myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}
               echo "Bucket policy applied."
 
-              mc admin policy attach myminio yonote-policy --user={{ .Values.minio.customUser }}
-              echo "Policy attached to user {{ .Values.minio.customUser }}."
-
           resources:
             requests:
               memory: "128Mi"

yonote-chart-service/templates/realm-configmap.yaml

@@ -1,169 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: realm-export
-data:
-  realm-export.json: |
-    {
-    "realm": "yonote",
-    "enabled": true,
-    "notBefore": 1647809856,
-    "defaultSignatureAlgorithm": "RS256",
-    "revokeRefreshToken": false,
-    "refreshTokenMaxReuse": 0,
-    "accessTokenLifespan": 300,
-    "accessTokenLifespanForImplicitFlow": 900,
-    "ssoSessionIdleTimeout": 1800,
-    "ssoSessionMaxLifespan": 36000,
-    "ssoSessionIdleTimeoutRememberMe": 0,
-    "ssoSessionMaxLifespanRememberMe": 0,
-    "offlineSessionIdleTimeout": 2592000,
-    "offlineSessionMaxLifespanEnabled": false,
-    "offlineSessionMaxLifespan": 5184000,
-    "clientSessionIdleTimeout": 0,
-    "clientSessionMaxLifespan": 0,
-    "clientOfflineSessionIdleTimeout": 0,
-    "clientOfflineSessionMaxLifespan": 0,
-    "accessCodeLifespan": 60,
-    "accessCodeLifespanUserAction": 300,
-    "accessCodeLifespanLogin": 1800,
-    "actionTokenGeneratedByAdminLifespan": 43200,
-    "actionTokenGeneratedByUserLifespan": 300,
-    "oauth2DeviceCodeLifespan": 600,
-    "oauth2DevicePollingInterval": 5,
-    "sslRequired": "external",
-    "registrationAllowed": true,
-    "registrationEmailAsUsername": true,
-    "rememberMe": true,
-    "verifyEmail": false,
-    "loginWithEmailAllowed": true,
-    "duplicateEmailsAllowed": false,
-    "resetPasswordAllowed": true,
-    "editUsernameAllowed": false,
-    "bruteForceProtected": false,
-    "permanentLockout": false,
-    "maxFailureWaitSeconds": 900,
-    "minimumQuickLoginWaitSeconds": 60,
-    "waitIncrementSeconds": 60,
-    "quickLoginCheckMilliSeconds": 1000,
-    "maxDeltaTimeSeconds": 43200,
-    "failureFactor": 30,
-    "clients": [
-        {
-        "clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}",
-        "secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
-        "redirectUris": [
-            "https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
-        ],
-        "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
-        "enabled": true,
-        "publicClient": false,
-        "protocol": "openid-connect",
-        "attributes": {
-            "client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
-            "display.on.consent.screen": "true"
-        },
-        "authenticationFlowBindingOverrides": {},
-        "fullScopeAllowed": false,
-        "protocolMappers": [
-            {
-            "name": "oidc-display-name",
-            "protocol": "openid-connect",
-            "protocolMapper": "oidc-usermodel-attribute-mapper",
-            "consentRequired": false,
-            "config": {
-                "userinfo.token.claim": "true",
-                "user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
-                "id.token.claim": "true",
-                "access.token.claim": "true",
-                "claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
-                "jsonType.label": "String"
-            }
-            }
-        ],
-        "defaultClientScopes": ["openid", "email"]
-        }
-    ],
-    "identityProviders": [],
-    "internationalizationEnabled": true,
-    "clientScopes": [
-        {
-        "name": "openid",
-        "protocol": "openid-connect",
-        "attributes": {
-            "include.in.token.scope": "true",
-            "display.on.consent.screen": "true",
-            "consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}"
-        },
-        "protocolMappers": []
-        },
-        {
-        "name": "email",
-        "protocol": "openid-connect",
-        "attributes": {
-            "include.in.token.scope": "true",
-            "display.on.consent.screen": "true"
-        },
-        "protocolMappers": [
-            {
-            "id": "56fe6d23-690a-465c-bc36-99bff8fef6eb",
-            "name": "email verified",
-            "protocol": "openid-connect",
-            "protocolMapper": "oidc-usermodel-property-mapper",
-            "consentRequired": false,
-            "config": {
-                "userinfo.token.claim": "true",
-                "user.attribute": "emailVerified",
-                "id.token.claim": "true",
-                "access.token.claim": "true",
-                "claim.name": "email_verified",
-                "jsonType.label": "boolean"
-            }
-            },
-            {
-            "id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc",
-            "name": "email",
-            "protocol": "openid-connect",
-            "protocolMapper": "oidc-usermodel-property-mapper",
-            "consentRequired": false,
-            "config": {
-                "userinfo.token.claim": "true",
-                "user.attribute": "email",
-                "id.token.claim": "true",
-                "access.token.claim": "true",
-                "claim.name": "email",
-                "jsonType.label": "String"
-            }
-            }
-        ]
-        }
-    ],
-    "browserSecurityHeaders": {
-        "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
-    },
-    "webAuthnPolicyRpEntityName": "keycloak",
-    "webAuthnPolicySignatureAlgorithms": ["ES256"],
-    "webAuthnPolicyRpId": "",
-    "webAuthnPolicyAttestationConveyancePreference": "not specified",
-    "webAuthnPolicyAuthenticatorAttachment": "not specified",
-    "webAuthnPolicyRequireResidentKey": "not specified",
-    "webAuthnPolicyUserVerificationRequirement": "not specified",
-    "webAuthnPolicyCreateTimeout": 0,
-    "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
-    "webAuthnPolicyAcceptableAaguids": [],
-    "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
-    "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
-    "webAuthnPolicyPasswordlessRpId": "",
-    "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
-    "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
-    "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
-    "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
-    "webAuthnPolicyPasswordlessCreateTimeout": 0,
-    "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
-    "webAuthnPolicyPasswordlessAcceptableAaguids": [],
-    "smtpServer": {}
-    }

yonote-chart-service/values.yaml

@@ -7,6 +7,7 @@ global:
     config:
       plain:
         data:
+          DEBUG: debug
           NODE_ENV: production
           FORCE_HTTPS: "false"
           PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
@@ -15,7 +16,7 @@ global:
           BIND_HOST: 0.0.0.0 # Хост по умолчанию
           PORT: "3000" # Порт по умолчанию
 
-          REDIS_URL: redis://yonote-redis-master:6379
+          REDIS_URL: redis://yonote-redis:6379
 
           DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию 
           ENABLE_UPDATES: "false"
@@ -23,8 +24,10 @@ global:
           AI_URL: "1234"
           AI_API_KEY: "1234"
 
-          URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
+          URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}'  # Базовый url приложения
-          COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
+          COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}'  # Cервер, для нормальной работы это не нужно устанавливать
+
+          #DEPLOYMENT: 'hosted'
 
           OIDC_DISPLAY_NAME: email
           OIDC_SCOPES: openid email
@@ -35,7 +38,7 @@ global:
           OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена.
 
           AWS_S3_ACL: private
-          AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища
+          AWS_S3_UPLOAD_BUCKET_URL: 'https://s3.example.com' # Адрес API S3 хранилища
           AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища 
           AWS_REGION: "RU"
           AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
@@ -53,11 +56,11 @@ global:
 
           RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
 
-          SMTP_HOST: ""
+          SMTP_HOST: "smtp.wilix.dev"
           SMTP_USERNAME: ""
           SMTP_FROM_EMAIL: ""
           SMTP_REPLY_EMAIL: ""
-          SMTP_PORT: ""
+          SMTP_PORT: "456"
           SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
           SMTP_REQUIRE_TLS: ""
 
@@ -75,58 +78,58 @@ ingress:
   namespace: yonote-onprem
   ingressClassName: traefik
   tls:
-    secretName: "you_tls_secret"
+    secretName: "example.com-tls"
     hosts:
       - "app.example.com"
       - "team.example.com"
   rules:
-  - host: "app.example.com"
+    - host: "app.example.com"
-    paths: 
+      paths:
-      - path: /
+        - path: /
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-web
+            name: yonote-web
-          port: 80
+            port: 80
-      - path: /realtime
+        - path: /realtime
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-websockets
+            name: yonote-websockets
-          port: 80
+            port: 80
-      - path: /whiteboard
+        - path: /whiteboard
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-whiteboard
+            name: yonote-whiteboard
-          port: 80
+            port: 80
-      - path: /collaboration
+        - path: /collaboration
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-collaboration
+            name: yonote-collaboration
-          port: 80
+            port: 80
-  - host: "team.example.com"
+    - host: "team.example.com"
-    paths: 
+      paths:
-      - path: /
+        - path: /
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-web
+            name: yonote-web
-          port: 80
+            port: 80
-      - path: /realtime
+        - path: /realtime
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-websockets
+            name: yonote-websockets
-          port: 80
+            port: 80
-      - path: /whiteboard
+        - path: /whiteboard
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-whiteboard
+            name: yonote-whiteboard
-          port: 80
+            port: 80
-      - path: /collaboration
+        - path: /collaboration
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-collaboration
+            name: yonote-collaboration
-          port: 80
+            port: 80
 
-  annotations:
+  #annotations:
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
+  #  cert-manager.io/cluster-issuer:  # Если используете
 
 yonote-web:
   fullnameOverride: yonote-web
@@ -136,7 +139,7 @@ yonote-web:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -144,7 +147,7 @@ yonote-web:
 
   initContainers:
     - name: yonote-migration
-      image: images.updates.yonote.ru/yonote:1.19.8
+      image: images.updates.yonote.ru/yonote:1.22.11
       imagePullPolicy: IfNotPresent
       command:
         - /bin/sh
@@ -220,7 +223,7 @@ yonote-websocket:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -289,7 +292,7 @@ yonote-whiteboard:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -358,7 +361,7 @@ yonote-worker:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -427,7 +430,7 @@ yonote-collaboration:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -488,104 +491,106 @@ yonote-collaboration:
       path: /_health
       port: app
 
-yonoteDatabase:
+postgres:
   enabled: true
-  global:
+  #settings:
-    postgresql:
+  # Default postgres
-      auth:
+  #  superuser:
-        database: "yonote"
+
-        username: "yonote"
+  userDatabase:
-  name: yonote-database
+    name: yonote
+    user: yonote
+
   fullnameOverride: yonote-database
   nameOverride: yonote-database
 
-  primary:
+  storage:
-    persistence:
+    requestedSize: 5Gi
-      size: 5Gi
+    className: ""
-    resources:
-      limits:
-        cpu: 2
-        memory: 8Gi
-      requests:
-        cpu: 500m
-        memory: 512Mi
 
-    extraVolumes:
+  resources:
-      - name: init-scripts
+    limits:
-        configMap:
+      cpu: 2
-          name: postgres-init-scripts
+      memory: 5Gi
+    requests:
+      cpu: 500m
+      memory: 512Mi
 
-    extraVolumeMounts:
+  extraScripts: postgres-init-scripts
-      - name: init-scripts
-        mountPath: /docker-entrypoint-initdb.d
-        readOnly: true
 
-yonote-redis:
+redis:
   enabled: true
   fullnameOverride: yonote-redis
   nameOverride: redis
-  architecture: standalone
-  image:
-    tag: 7.2.0-debian-11-r0
 
-  auth:
+  storage:
-    enabled: false
+    requestedSize: 1Gi
-  
+    className: ""
-  master:
+  resources:
-    persistence:
+    limits:
-      size: 5Gi
+      cpu: 1
-    resources:
+      memory: 4Gi
-      limits:
+    requests:
-        cpu: 1
+      cpu: 500m
-        memory: 4Gi
+      memory: 512Mi
-      requests:
-        cpu: 500m
-        memory: 512Mi
 
 minio:
   enabled: true
   name: minio
   fullnameOverride: yonote-minio
-  customUser: yonote
   nameOverride: yonote-minio
-  auth:
+  mode: standalone
-    rootUser: admin
+  rootUser: admin
 
-  image:
+  policies:
-    tag: 2024.8.3-debian-12-r1
+    - name: yonote_user_policy
+      statements:
+        - resources:
+            - 'arn:aws:s3:::yonote-bucket/*'
+          actions:
+            - "s3:GetObject"
+            - "s3:PutObject"
+            - "s3:DeleteObject"
+
+  users:
+    - accessKey: qwer12314q
+      secretKey: qwer-12314q-qwersa
+      policy: yonote_user_policy
 
   persistence:
     enabled: true
-    size: 5Gi
+    annotations:
+      helm.sh/resource-policy: keep
+    size: 1Gi
+    storageClass: ""
 
   ingress:
     enabled: true
-    hostname: 's3.example.com'
+    hosts:
+      - s3.example.com
     ingressClassName: traefik
     path: '/'
-    pathType: ImplementationSpecific
     annotations:
       kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
+      #cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете
-    extraTls:
+    tls:
-    - hosts:
+      - hosts:
-        - "s3.example.com"
+          - "s3.example.com"
-      secretName: "you_tls_secret"
+        secretName: "example.com-tls"
 
-  apiIngress:
+  consoleIngress:
     enabled: true
-    hostname: 'api-s3.example.com'
+    hosts:
+      - s3-console.example.com
     ingressClassName: traefik
     path: '/'
-    pathType: ImplementationSpecific
-    servicePort: minio-api
     annotations:
       kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
+      #cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете
-    extraTls:
+    tls:
-    - hosts:
+      - hosts:
-        - "api-s3.example.com"
+          - "s3-console.example.com"
-      secretName: "api-s3.example.com"
+        secretName: "example.com-tls"
 
   resources:
     requests:
@@ -599,36 +604,53 @@ mcJob:
   enabled: true
 
 keycloak:
+  enabled: true
   fullnameOverride: yonote-keycloak
   nameOverride: yonote-keycloak
 
-  auth:
+  image:
-    adminUser: root
+    repository: images.updates.yonote.ru/yonote-keycloak
+    tag: latest
 
-  proxy: "edge"
+  args:
+    - start-dev --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
 
-  command:
+  cache:
-    - /bin/bash
+    stack: custom
-    - -c
-    - |
-       /opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database  --db-username postgres --db-password="$(DB_PASSWORD)"
 
-  extraEnvVars:
+  proxy:
-    - name: DB_PASSWORD
+    enabled: "false"
+
+  extraEnv: |
+    - name: KEYCLOAK_ADMIN
+      value: root
+    - name: KEYCLOAK_ADMIN_PASSWORD
       valueFrom:
         secretKeyRef:
-          name: yonote-database
+          name: {{ include "keycloak.fullname" . }}-secrets
-          key: postgres-password
+          key: KEYCLOAK_ADMIN_PASSWORD
+    - name: OIDC_CLIENT_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "keycloak.fullname" . }}-secrets
+          key: OIDC_CLIENT_SECRET
+    - name: BASENAME_FOR_SUBDOMAIN
+      value: example.com
+    - name: KC_HOSTNAME_STRICT
+      value: "false"
+    - name: KC_HOSTNAME
+      value: auth.example.com
+    - name: KC_HOSTNAME_STRICT_HTTPS
+      value: "false"
+    - name: KC_HOSTNAME_PATH
+      value: "/"
+    - name: KC_HTTP_ENABLED
+      value: "true"
+    - name: PROXY_ADDRESS_FORWARDING
+      value: "true"
 
-  extraVolumes:
+  http:
-    - name: realm-export
+    relativePath: "/"
-      configMap:
-        name: realm-export
-
-  extraVolumeMounts:
-    - name: realm-export
-      mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
-      subPath: realm-export.json
 
   ingress:
     enabled: true
@@ -637,20 +659,21 @@ keycloak:
     tls:
       - hosts:
           - "auth.example.com"
-        secretName: "auth.example.com-tls"
+        secretName: "example.com-tls"
     annotations:
       kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете
+      #cert-manager.io/cluster-issuer:  #Если используете
+
     rules:
       - host: "auth.example.com"
         paths:
           - path: /
-            pathType: Prefix
+            pathType: ImplementationSpecific
             service:
               name: yonote-keycloak
               port: http
           - path: /admin
-            pathType: Prefix
+            pathType: ImplementationSpecific
             service:
               name: yonote-keycloak
               port: http
@@ -663,19 +686,27 @@ keycloak:
       cpu: 250m
       memory: 256Mi
 
-  postgresql:
+  dbchecker:
-    enabled: false
+    enabled: "true"
 
-  externalDatabase:
+  database:
-    host: jdbc:postgresql://yonote-database
+    vendor: postgres
+    hostname: yonote-database
     port: 5432
-    user: postgres
     database: keycloak
+    username: keycloak
 
-  livenessProbe:
+  livenessProbe: |
+    httpGet:
+      path: '{{ trimSuffix "/" .Values.http.relativePath}}/'
+      port: http
     initialDelaySeconds: 240
     timeoutSeconds: 5
 
-  readinessProbe:
+  # Readiness probe configuration
+  readinessProbe: |
+    httpGet:
+      path: '{{ trimSuffix "/" .Values.http.relativePath}}/realms/master'
+      port: http
     initialDelaySeconds: 120
-    timeoutSeconds: 5
+    timeoutSeconds: 1